[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:exploitable-ci-cd-vulnerabilities-expose-millions-of-repositories-to-hijacking-mqskb3o6":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":18,"article_ids":19,"ioc_summary":21,"source_urls":22,"status":24,"expires_at":25,"created_at":26,"updated_at":27,"articles":28},"effa32b5-d5af-474e-aee9-74cf0931dbc6","Exploitable CI\u002FCD Vulnerabilities Expose Millions of Repositories to Hijacking","exploitable-ci-cd-vulnerabilities-expose-millions-of-repositories-to-hijacking-mqskb3o6","A new class of CI\u002FCD vulnerabilities called Cordyceps, discovered in GitHub Actions YAML configurations, allows unauthenticated attackers to hijack repositories and steal credentials. The flaws stem from workflow composition logic rather than individual components, bypassing traditional scanners and affecting millions of open-source repos from Microsoft, Google, and Apache. Attackers can achieve command injection, artifact poisoning, and full repository control.","critical","advisory",[],[13,14,15,16,17],"GitHub Actions","Microsoft","Google","Apache","Cloudflare","Audit all GitHub Actions YAML files in your organization for untrusted variable interpolation, dynamic workflow triggers, and credential exposure patterns. Prioritize repositories with write access to production systems. Enable branch protection rules and require code reviews for all workflow changes.",[20],"c156b410-2c97-4a79-9895-902cf719a644",null,[23],"https:\u002F\u002Fwww.securityweek.com\u002Fexploitable-ci-cd-vulnerabilities-expose-millions-of-repositories-to-hijacking\u002F","active","2026-06-26T21:05:11.337+00:00","2026-06-24T21:05:14.215145+00:00","2026-06-24T21:05:17.717404+00:00",[29],{"id":20,"title":6,"url":23}]