Security researchers have identified a critical software supply-chain risk known as “Cordyceps,” a CI/CD workflow vulnerability that stems from insecure trust relationships within automated development pipelines. According to Novee Security, the issue affects repositories that unintentionally grant elevated privileges to workflows triggered by untrusted pull requests, allowing attackers with nothing more than a free account to execute malicious code, steal sensitive credentials, or manipulate repository operations.
The vulnerability is not tied to a flaw in any single platform but rather emerges from the way CI/CD workflows are configured and interconnected. Researchers describe it as a composition-based weakness where untrusted user input crosses security boundaries without sufficient validation. Because the individual workflow components function as intended, traditional security scanners often fail to identify the risk, making the issue particularly difficult for organizations to detect and remediate.
Novee’s analysis of approximately 30,000 high-impact repositories found more than 300 projects vulnerable to exploitation, including repositories associated with major technology organizations and open-source foundations. Demonstrated attack paths included the ability to execute arbitrary code on build infrastructure, extract long-lived authentication tokens, obtain repository write access, and bypass approval mechanisms. Examples cited by researchers involved repositories linked to Microsoft, Google, Apache, Cloudflare, and other widely used software ecosystems.
The findings underscore growing concerns about the security implications of increasingly automated software development environments. Researchers warn that the widespread adoption of AI-assisted and agent-driven coding workflows could unintentionally replicate insecure CI/CD patterns across thousands of repositories, accelerating the spread of exploitable configurations. While affected organizations have taken steps to harden workflows and apply fixes, the disclosure highlights how misconfigured automation pipelines can become powerful entry points for large-scale software supply-chain attacks.
