Cyber Web Spider Blog – News
Critical CI/CD Flaws Endanger Open Source Repositories

Posted on June 24, 2026 By CWS

A newly discovered class of vulnerabilities in continuous integration and delivery (CI/CD) pipelines leaves a vast number of open source repositories exposed to exploitation. Cybersecurity firm Novee identified the flaws, which it has named Cordyceps, and reports that they could allow attackers to take over developer workflows and seize control of repositories.

Understanding the Cordyceps Vulnerabilities

Novee reports that agentic coding practices are spreading insecure patterns across millions of repositories via automatically generated CI/CD workflows. These security flaws include command injection, authentication logic weaknesses, artifact poisoning, and privilege escalation, affecting tools from major organizations such as Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation.

The vulnerabilities are particularly dangerous because they can be exploited by any unauthenticated attacker with a free account, allowing them to forge approvals, inject code, and extract credentials without needing special access or organizational membership.

Widespread Impact of the Flaws

During Novee’s investigations, 654 repositories were flagged in a single scan, with over 300 confirmed as fully exploitable. The vulnerabilities live in GitHub Actions YAML files and can be triggered from low-privilege workflows that untrusted pull requests or comments initiate; those workflows then escalate into high-privilege workflows that could authenticate to cloud providers with maintainer permissions.

This issue is not isolated to GitHub; it is a systemic problem affecting any CI/CD management system. When compromised software is deployed across numerous organizations, it can extend its reach to banks, cloud services, AI labs, and user devices.

Consequences for the Software Supply Chain

The exploitation of these vulnerabilities could lead to severe supply chain compromises. This includes publishing malicious packages on platforms like NPM, PyPI, Crates.io, Docker/GHCR, and Helm, as well as injecting unauthorized code into protected branches. Additionally, it may result in forced CI checks, stolen credentials across AWS, GCP, and Netlify, and compromised self-hosted runners.

Novee emphasizes that this class of vulnerability is deeply embedded in the open-source infrastructure that underpins much of the industry. It remains hidden from standard security scans because each component functions as intended; the risk emerges from untrusted data crossing unchecked trust boundaries.
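As an added example (not Novee's tooling or any code from the article), the following Python audit scans a GitHub Actions workflow for the two patterns described above: untrusted event data expanded straight into a `run:` script, and a `pull_request_target` workflow that checks out the pull request head. The `UNTRUSTED` field list, the regexes and the `SAMPLE` workflow are constructed assumptions for this example.

```python
import re

# Event-payload fields a PR author or commenter controls (constructed,
# non-exhaustive list for this example; extend it for real audits).
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.event\.(?:issue\.(?:title|body)|comment\.body|"
    r"pull_request\.(?:title|body|head\.(?:ref|label))|head_commit\.message)\s*\}\}")
PR_HEAD = re.compile(r"\$\{\{\s*github\.event\.pull_request\.head\.(?:sha|ref)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def audit_workflow(text):
    """Return [(line_no, finding)] for the text of a GitHub Actions workflow."""
    findings = []
    # pull_request_target runs with the base repo's write token and secrets.
    privileged = re.search(r"\bpull_request_target\b", text) is not None
    block = None  # indent of the `run:` key whose block scalar we are inside
    for no, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if block is not None and line.strip() and indent <= block:
            block = None  # dedent: the block scalar has ended
        if block is not None:
            if UNTRUSTED.search(line):
                findings.append((no, "untrusted expression expanded into shell"))
            continue
        m = RUN_KEY.match(line)
        if m and m.group(2).strip()[:1] in ("|", ">"):
            block = len(m.group(1))  # a multi-line script follows
        elif m and UNTRUSTED.search(m.group(2)):
            findings.append((no, "untrusted expression expanded into shell"))
        elif privileged and re.match(r"^\s*ref:", line) and PR_HEAD.search(line):
            findings.append((no, "pull_request_target checks out the PR head with secrets"))
    return findings

# Constructed sample: both flaws, plus the safe pattern (value passed via env).
SAMPLE = """\
on:
  pull_request_target:
jobs:
  triage:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: |
          echo "Thanks for ${{ github.event.pull_request.title }}"
          ./scripts/lint.sh
      - run: echo "$TITLE"
        env:
          TITLE: ${{ github.event.pull_request.title }}
"""
```

The last step in `SAMPLE` is the corrected form of the injected one: the title reaches the shell only through an environment variable, so it is never parsed as script, and the audit leaves it unflagged.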

The cybersecurity community must prioritize auditing CI/CD workflows as critical security components to prevent such systemic threats from causing widespread damage. Ongoing vigilance and proactive measures are essential to safeguarding the integrity of the software supply chain.

Category: Security Week News. Tags: artifact poisoning, CI/CD vulnerabilities, code injection, Cybersecurity, GitHub actions, Novee, open source security, privilege escalation, supply chain risk, unauthenticated attackers
