What Happened
On June 24, 2026, researchers at Novee Security published full details of a CI/CD workflow weakness they named Cordyceps. The flaw is not a single CVE — it is a class of misconfiguration in GitHub Actions that allows untrusted pull requests to trigger privileged CI/CD workflows, which then authenticate to cloud environments with full administrative credentials. A scan of approximately 30,000 high-impact public repositories found more than 300 fully exploitable, including repositories owned by Microsoft, Google, Apache, and Cloudflare. The attack requires no organizational membership and no special privileges — a free GitHub account is sufficient to open a pull request and trigger the vulnerable workflow chain.
The technical mechanism works in two steps. First, an attacker-controlled pull request triggers a low-privilege workflow that produces an artifact or output. Second, a separate high-privilege workflow — configured with write access to the production environment — consumes that artifact without validating its source. The combined result is attacker-controlled code execution with the credentials of the highest-privilege workflow, enabling cloud credential theft, repository write access, and in many cases full supply chain compromise. Novee’s scan methodology was conservative: the 300-plus figure represents repositories where exploitation was confirmed feasible, not merely repositories with weak configurations.
Why This Matters for Canadian Organizations
Canadian software development teams, government digital services, and technology companies that use GitHub Actions for CI/CD pipelines are directly exposed to this class of vulnerability if their workflow configurations follow common patterns observed across major repositories. The affected pattern is widespread because it arose organically from the way GitHub Actions evolved: early documentation encouraged granting workflows broad permissions, and many organizations never audited those grants after their initial setup.
The practical impact goes beyond credential theft. A compromised CI/CD pipeline lets attackers inject malicious code into software builds, tamper with deployment artifacts, or modify infrastructure-as-code configurations before they reach production. For Canadian organizations subject to OSFI Guideline B-13’s software development and testing requirements, or those that supply software to federal government under supply chain security obligations, a CI/CD compromise represents both a direct breach risk and a material third-party risk event for downstream clients.
Agentic AI coding tools — which are increasingly common in Canadian developer environments — create additional exposure. These tools create pull requests autonomously, at higher volume and lower scrutiny than human-authored PRs. Cordyceps misconfigurations exploited through AI-generated pull requests are harder to detect and faster to scale than traditional manual attacks.
What to Do
Audit your GitHub Actions workflow files today. Review any workflow that uses pull_request_target or that reads artifacts from a separate low-privilege workflow and then executes with elevated permissions. Ensure that privileged workflows validate the source of any external input before acting on it. Apply the updated actions/checkout version released June 18, which blocks common pwn request patterns by default. Restrict the permissions granted to workflow GITHUB_TOKENs to the minimum required for each job. For repositories in your organization, run Novee’s published detection rules — or a similar scanner — against your Actions configuration files and treat any flagged repository as compromised until verified clean.
Source: The Hacker News, SecurityWeek
