Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Vulnerability in Claude Code GitHub Actions Exposed

Vulnerability in Claude Code GitHub Actions Exposed

Posted on June 2, 2026 By CWS

An alarming vulnerability in Claude Code’s GitHub Actions has been uncovered, potentially allowing attackers to infiltrate any repository utilizing Anthropic’s CI/CD workflow. This flaw was identified by security expert RyotaK from GMO Flatt Security and has since been patched in version 1.0.94 of Claude Code GitHub Actions.

The Nature of the Vulnerability

The vulnerability originated from a flawed permission model in the checkWritePermissions function of Claude Code GitHub Actions. This flaw, combined with prompt injection techniques, allowed unauthorized attackers to extract secrets, steal OIDC tokens, and insert malicious code into any repository relying on the affected workflow. The checkWritePermissions function mistakenly trusted any actor ending with [bot], irrespective of their actual permissions.

Attackers exploited this by utilizing GitHub Apps, which inherently have read access to public repositories. By creating issues or pull requests using only an installation token, attackers could bypass permission controls entirely, posing a significant security risk.

Executing the Attack

The attack sequence involved creating a malicious GitHub App, installing it on a controlled repository, and using its installation token to initiate an issue or pull request on the target repository. This process exploited the flawed permission logic, allowing the attacker’s content to be processed as legitimate.

Once inside, attackers could use prompt injection to execute commands, exploiting the fact that Claude Code permits certain Bash commands without explicit approval. This allowed access to sensitive environment variables, including those needed to request OIDC tokens, leading to the potential compromise of repository contents and workflows.

Mitigation and Future Implications

Anthropic has addressed these vulnerabilities in Claude Code GitHub Actions version 1.0.94. Key fixes include adding checks for human actors, disabling the workflow run summary by default, and removing sensitive environment variables from child processes.

Additionally, measures were implemented to prevent workflow chaining attacks, such as ignoring post-trigger edits and validating command arguments. The CVSS v4.0 score for these vulnerabilities was rated at 7.8, and a bounty was awarded to the researcher.

For users still employing Claude Code GitHub Actions, it is advised to audit workflows using allowed_non_write_users and restrict exposed secrets. Reviewing workflow logs for any signs of compromise is also recommended to ensure continued security.

As the digital landscape evolves, maintaining vigilant security practices is crucial to protect against similar vulnerabilities. Users are encouraged to stay informed through resources like the OWASP API Top 10 and webinars on improving visibility with WAAP.

Cyber Security News Tags:Anthropic, CI/CD, Claude Code, GitHub actions, GitHub App, OIDC tokens, RyotaK, Security, supply chain attack, Vulnerability

Post navigation

Previous Post: Oracle WebLogic Flaw Exploited: CISA Issues Warning
Next Post: AI-Driven Exploitation Challenges Vulnerability Management

Related Posts

Allianz Life Data Breach Exposes Personal Records of 1.5 Million Users Allianz Life Data Breach Exposes Personal Records of 1.5 Million Users Cyber Security News
Critical Splunk Vulnerability Enables Remote Code Execution Critical Splunk Vulnerability Enables Remote Code Execution Cyber Security News
Anthropic Unveils Claude Fable 5 Cybersecurity Measures Anthropic Unveils Claude Fable 5 Cybersecurity Measures Cyber Security News
Ransomware Campaign Mimics Akira in South America Ransomware Campaign Mimics Akira in South America Cyber Security News
FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection Cyber Security News
Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data
  • EY Faces Data Breach: IT System Compromised
  • Malicious Vite npm Packages Exploit Blockchain for Cyberattack
  • Ransomware Disrupts Fairlife Production in U.S.

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data
  • EY Faces Data Breach: IT System Compromised
  • Malicious Vite npm Packages Exploit Blockchain for Cyberattack
  • Ransomware Disrupts Fairlife Production in U.S.

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark