In a nutshell: Unvalidated input in Anthropic’s Claude Code GitHub Action enabled complete repository takeover via a simple issue, with potential impact on all dependent downstream projects.
A security researcher discovered a critical vulnerability in Anthropic’s Claude Code GitHub Action that allowed attackers to take over any public repository using this action via a single GitHub issue. Since Anthropic’s own action repository used the same vulnerable workflow pattern, malicious code could be injected directly into the action itself and from there into all dependent downstream projects.
The vulnerability was discovered by RyotaK from GMO. An attacker could trigger complete takeover simply by opening a GitHub issue in an affected repository — without requiring further authentication or complex attack preparation.
Particularly critical was the situation of Anthropic’s own action repository: because that repository itself used the same vulnerable workflow pattern, a successful compromise of the action would not only affect the repositories that used it directly, but could propagate through version dependencies to every downstream project that had integrated the action.
The vulnerability demonstrates a classic supply-chain risk pattern in the GitHub ecosystem: seemingly harmless input (an issue) becomes executable code because the workflow configuration does not isolate it from the step that runs. CISOs should audit the GitHub Actions workflows in their repositories for such uncontrolled input sources and enforce strict policies for validation and isolation of user-controlled input in CI/CD pipelines.
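The pattern described above, untrusted event data interpolated straight into a workflow step, is the well-known GitHub Actions expression-injection sink. The scanner below is an added example written for this article; it is not code from the article, from Anthropic, or from the researcher, and the article gives no details of the exact workflow involved, so the mechanism shown is an assumption about the general pattern rather than the disclosed bug. It walks a workflow file's `run:` and `script:` steps and flags `${{ }}` expressions that reference fields an issue author, commenter or pull-request author controls. The two workflows embedded in it are constructed samples: the first interpolates the issue title and body into a shell step, the second shows GitHub's documented mitigation of passing the value through an environment variable so the shell only ever sees it as data.

```python
import re
from typing import List, Tuple

# Event-context fields whose content is controlled by whoever opens an issue,
# comments, or sends a pull request. Any of these landing inside a shell step
# is a script-injection sink (list is illustrative, not exhaustive).
UNTRUSTED_CONTEXTS = (
    r"github\.event\.issue\.(title|body)",
    r"github\.event\.comment\.body",
    r"github\.event\.pull_request\.(title|body)",
    r"github\.event\.pull_request\.head\.(ref|label)",
    r"github\.event\.review\.body",
    r"github\.event\.review_comment\.body",
    r"github\.head_ref",
)
UNTRUSTED_RE = re.compile("|".join(UNTRUSTED_CONTEXTS))
EXPR_RE = re.compile(r"\$\{\{(.*?)\}\}")
# `run:` (shell) and `script:` (actions/github-script) are the step keys whose
# value is executed as code; an optional leading "- " marks a new list item.
SINK_KEY_RE = re.compile(r"^(\s*)(-\s+)?(run|script):\s*(.*)$")


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip())


def find_injection_sinks(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line number, untrusted context) for every ${{ }} expression
    inside a run:/script: value that references attacker-controlled data."""
    findings: List[Tuple[int, str]] = []
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = SINK_KEY_RE.match(lines[i])
        if not m:
            i += 1
            continue
        # Indentation of the key itself; block-scalar content must be deeper.
        key_indent = len(m.group(1)) + len(m.group(2) or "")
        value = m.group(4).strip()
        body = [(i + 1, value)]
        if value.startswith(("|", ">")):  # YAML block scalar: collect its lines
            j = i + 1
            while j < len(lines) and (not lines[j].strip() or _indent(lines[j]) > key_indent):
                body.append((j + 1, lines[j]))
                j += 1
            i = j
        else:
            i += 1
        for lineno, text in body:
            for expr in EXPR_RE.findall(text):
                hit = UNTRUSTED_RE.search(expr)
                if hit:
                    findings.append((lineno, hit.group(0)))
    return findings


# Constructed sample: issue title/body interpolated into the shell command line.
VULNERABLE_WORKFLOW = """\
name: triage
on:
  issues:
    types: [opened]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Echo title
        run: |
          echo "New issue: ${{ github.event.issue.title }}"
          echo "${{ github.event.issue.body }}" > body.txt
      - name: Done
        run: echo done
"""

# Constructed sample: same step, with the untrusted values passed through env
# variables so they reach the shell as data rather than as part of the script.
HARDENED_WORKFLOW = """\
name: triage
on:
  issues:
    types: [opened]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Echo title
        env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
          ISSUE_BODY: ${{ github.event.issue.body }}
        run: |
          echo "New issue: $ISSUE_TITLE"
          printf '%s\\n' "$ISSUE_BODY" > body.txt
"""

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        for lineno, ctx in find_injection_sinks(wf):
            print(f"{name}: line {lineno}: untrusted context {ctx} inside executed step")
```

Run it over each `.github/workflows/*.yml` in a repository to produce the audit list the last paragraph calls for. The scanner deliberately ignores `${{ }}` expressions under `env:` or `with:`, since moving the interpolation there is the fix, and a findings list that flagged the fix as well would train reviewers to ignore it.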
Source: thehackernews.com · Published June 4, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.2.9.