Posted in

Cordyceps CI/CD Vulnerability Exposes Microsoft, Google, and Other Major Open-Source Repositories

Cybersecurity researchers have identified a dangerous new class of CI/CD (Continuous Integration and Continuous Deployment) workflow vulnerability that could allow attackers to hijack software development pipelines and compromise open-source supply chains.

Dubbed Cordyceps, the flaw stems from insecure workflow configurations that permit untrusted pull requests to trigger privileged automation processes. According to researchers at Novee Security, the vulnerability could potentially impact repositories maintained by some of the world’s largest technology organizations, including Microsoft, Google, Apache, and Cloudflare.

What Is the Cordyceps Vulnerability?

The Cordyceps attack pattern exploits weaknesses in CI/CD workflows where untrusted user input crosses security boundaries without proper validation.

In many open-source projects, contributors submit code changes through pull requests (PRs). While these workflows are intended to streamline collaboration, improperly configured automation systems may grant excessive permissions to PR-triggered processes.

As a result, attackers with nothing more than a free account can potentially:

  • Execute arbitrary code on CI/CD systems
  • Steal sensitive credentials and access tokens
  • Gain elevated repository permissions
  • Manipulate software release pipelines
  • Launch supply chain attacks against downstream users

Researchers emphasize that no special privileges or organizational membership are required to exploit vulnerable repositories.

Hundreds of Popular Repositories Found Vulnerable

Novee Security analyzed approximately 30,000 high-impact open-source repositories and discovered that more than 300 were fully exploitable.

The findings suggest that many organizations unknowingly expose critical automation systems through workflow misconfigurations rather than software bugs.

Unlike traditional vulnerabilities, Cordyceps does not exploit a flaw in a specific application. Instead, the risk emerges from how different workflow components interact with each other.

Researchers described it as a vulnerability hidden within the “composition” of CI/CD systems, where trusted automation processes inadvertently execute actions based on untrusted user-controlled data.

Real-World Examples of Cordyceps Exploitation

The research team identified several high-profile repositories where attackers could potentially gain significant access.

Microsoft Azure Sentinel

Researchers discovered that a simple comment on a pull request could trigger the execution of attacker-controlled code within Microsoft’s CI environment.

The attack could reportedly expose a non-expiring GitHub App key, potentially granting long-term access to critical development resources.

Google’s AI Agent Development Kit

A vulnerable workflow in Google’s AI Agent Development Kit (ADK) sample repository could allow attackers to execute arbitrary code through a malicious pull request.

Successful exploitation could provide elevated permissions within a Google Cloud development environment.

Apache Doris

The Apache Doris project was found to contain two separate attack paths that enabled zero-click exploitation.

Attackers could allegedly execute code and extract hard-coded CI credentials or obtain write-enabled repository tokens through a single pull request interaction.

Cloudflare Workers SDK

Researchers demonstrated that specially crafted branch names could trigger command execution on Cloudflare’s CI runners.

This technique could allow attackers to manipulate workflow execution and potentially gain access to sensitive build resources.

Python Software Foundation’s Black

A pull request submitted by an external contributor could reportedly execute code within Black’s build infrastructure.

Researchers warned that attackers could use this access to steal automation tokens and potentially approve pull requests without authorization.

Why This Vulnerability Is Especially Dangerous

Supply chain attacks continue to be one of the most serious threats facing modern software development.

Because open-source projects often serve as dependencies for thousands of organizations, compromising a trusted repository can create a cascading security impact across entire ecosystems.

The Cordyceps vulnerability is particularly concerning because:

  • It requires minimal attacker effort
  • Exploitation can occur anonymously
  • CI/CD environments often contain sensitive secrets
  • Access can lead to malicious code insertion
  • Downstream users may unknowingly install compromised software

Researchers compare the threat to “puppeteering” software repositories by silently manipulating trusted automation workflows.

AI-Assisted Development May Increase Risk

Security experts also highlighted the growing role of AI-assisted coding tools in software development.

As developers increasingly rely on automated code generation and workflow creation, insecure CI/CD configurations may spread more rapidly across repositories.

Researchers warn that agentic coding systems can unintentionally reproduce vulnerable patterns at scale, causing insecure workflow designs to proliferate throughout the open-source ecosystem.

This creates a compounding risk where the same misconfigurations appear across thousands of projects.

Vendor Responses and Mitigation Efforts

Following responsible disclosure, affected organizations took steps to address the identified issues.

According to Novee Security:

  • Microsoft confirmed the reported impact.
  • Google acknowledged the vulnerability findings.
  • Cloudflare implemented workflow hardening measures.
  • Apache applied security patches.
  • The Python Software Foundation strengthened affected configurations.

These responses have helped reduce immediate risk, though researchers caution that similar workflow patterns likely remain widespread across open-source projects.

How Organizations Can Protect Their CI/CD Pipelines

Security teams should review CI/CD workflows to ensure untrusted pull requests cannot access privileged resources or trigger sensitive actions.

Recommended best practices include:

Enforce Least Privilege

Limit permissions granted to workflow tokens and automation accounts.

Separate Trusted and Untrusted Workflows

Ensure external contributors cannot trigger privileged deployment or release processes.

Protect Secrets

Prevent workflows triggered by forks or anonymous users from accessing sensitive credentials.

Validate User Input

Treat branch names, comments, pull request titles, and contributor-controlled variables as untrusted data.

Audit Workflow Permissions

Regularly review GitHub Actions, GitLab CI, Jenkins, and other automation pipelines for excessive privileges.

Monitor Supply Chain Risks

Continuously assess repositories and dependencies for insecure CI/CD configurations.

Conclusion

The discovery of the Cordyceps vulnerability highlights a growing challenge in modern software development: securing the automation systems that power open-source collaboration.

Rather than exploiting software flaws, attackers can abuse workflow logic and trust boundaries to gain control over repositories, steal credentials, and compromise software supply chains. As CI/CD pipelines become increasingly central to development operations, organizations must prioritize workflow security alongside traditional application security measures.

The findings serve as a reminder that even correctly functioning automation systems can become security risks when trust boundaries are poorly designed.

Leave a Reply

Your email address will not be published. Required fields are marked *