→ Back to Home
GitHub Actions

New 'Cordyceps' Flaw Exposes GitHub Actions Secrets via Untrusted Pull Requests

A significant security vulnerability, dubbed 'Cordyceps' by Novee Security, has been identified within GitHub Actions, posing a substantial risk to software supply chain integrity. The flaw specifically exploits a pattern in GitHub Actions workflows where untrusted input originating from pull requests can be leveraged to access privileged CI/CD jobs and sensitive repository secrets. Novee's research, which analyzed approximately 30,000 high-impact projects, flagged 654 repositories as potentially vulnerable, with over 300 confirmed to contain fully exploitable chains, though no active exploitation in the wild has been confirmed. This mechanism bypasses typical security checks, allowing malicious code to operate within a high-privilege context, even when standard pull request restrictions are in place. This disclosure is critical for any organization relying on GitHub Actions for their continuous integration and continuous deployment pipelines. The ability for untrusted external contributions to compromise internal secrets or gain elevated permissions directly threatens the security of an entire software project, from development to production. Given that GitHub Actions often orchestrates crucial tasks like building, testing, signing, and deploying software, a successful exploit could lead to unauthorized code injection, data exfiltration, or even the release of compromised software. The core issue lies in a trust-boundary failure, where low-trust inputs are inadvertently consumed by high-privilege actions, making this a direct threat to the integrity and confidentiality of development assets. The 'Cordyceps' vulnerability is not an isolated incident but rather fits into a broader, well-established trend of CI/CD security challenges. Previous years have seen numerous GitHub Actions-related security incidents, including a 2025 breach exposing secrets in hundreds of repositories and campaigns utilizing malicious GitHub Actions automation across thousands. Research in April 2026 also highlighted how pull request titles and issue bodies could be manipulated in AI-agent workflows to achieve similar ends. The `pull_request_target` event, while useful for trusted automation, is particularly susceptible if not configured with extreme caution, as it runs in the context of the base repository with elevated permissions. This ongoing pattern of vulnerabilities underscores the inherent complexity of securing highly automated and interconnected development environments, especially when integrating external contributions. In practice, this means practitioners must adopt a heightened state of vigilance regarding their GitHub Actions configurations. The immediate implication is a thorough audit of all workflows, particularly those triggered by pull requests or consuming external inputs, to ensure strict adherence to the principle of least privilege. Maintainers should meticulously review how untrusted inputs (such as branch names, PR titles, comments, or artifacts) are handled and ensure they are never directly interpolated into shell commands or used by privileged jobs without rigorous validation. Workflows utilizing `pull_request_target` require special scrutiny, and permissions for the `GITHUB_TOKEN` should be restricted to the absolute minimum necessary. Organizations should also consider implementing additional layers of security, such as static analysis for workflow files and runtime monitoring, to detect and prevent such supply chain attacks. The focus should shift from merely checking if a workflow is safe in isolation to understanding if untrusted input can transition from a low-privilege context to a high-privilege action within the broader CI/CD chain.
#github actions#security#ci/cd#supply chain#vulnerability#secrets
Read original source