
Critical RCE Vulnerability in Microsoft GitHub Repository Disclosed

Severity: High (Score: 72.6)

Sources: Tenable, Scworld

Summary

A critical flaw in Microsoft's Windows-driver-samples GitHub repository allowed for remote code execution (RCE) via issue submissions. The vulnerability, identified by Tenable, enabled attackers to inject arbitrary Python code into a GitHub Actions workflow due to unsanitized input. This could lead to the exfiltration of the GITHUB_TOKEN secret, potentially allowing unauthorized actions on behalf of Microsoft. The flaw was assigned a CVSS score of 9.3, indicating a high severity. Microsoft patched the vulnerability on March 13, 2026, after it was reported in February 2026. The incident underscores the need for stringent security measures in CI/CD pipelines and proper management of sensitive tokens. The repository has significant visibility with 7,700 stars and 5,000 forks, increasing the potential impact of exploitation. Tenable also referenced a related incident involving OpenAI, highlighting ongoing risks in software supply chains.

Key Points:

  • A critical RCE vulnerability in a Microsoft GitHub repository was discovered and patched.
  • Attackers could exploit the flaw by submitting malicious issues, executing arbitrary Python code.
  • The vulnerability had a CVSS score of 9.3, indicating high severity and potential for significant impact.
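The root cause described above (issue-controlled text expanded by a GitHub Actions expression directly into a script that the runner executes) is a pattern a defender can check for before a workflow is merged. The following scanner is an added example written for this summary; it is not Tenable's tooling and not Microsoft's workflow. The two embedded workflows are constructed for illustration and do not reproduce the actual vulnerable file; the list of "untrusted" expression contexts is the author's own selection of event fields an outside contributor controls.

```python
"""
Flag GitHub Actions `run:` steps that expand contributor-controlled event data
(issue title/body, PR title/body, comment body, head ref) inline via ${{ ... }}.
Such expansions happen before the shell or interpreter sees the script, so the
contributor's text becomes part of the executed code. The safe pattern is to
pass the value through `env:` and read it as an environment variable.
"""
import re
from typing import List, Tuple

# Expression contexts an outside contributor controls (author's selection,
# not an exhaustive list).
UNTRUSTED_PREFIXES = (
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.review.body",
    "github.event.discussion.title",
    "github.event.discussion.body",
    "github.head_ref",
)

EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
# Matches `run: <value>` and `- run: <value>`; group 2 captures the dash form.
RUN_RE = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")


def _check(lineno: int, text: str) -> List[Tuple[int, str]]:
    """Return (line, expression) for every untrusted expression in `text`."""
    return [
        (lineno, m.group(1))
        for m in EXPR_RE.finditer(text)
        if any(p in m.group(1) for p in UNTRUSTED_PREFIXES)
    ]


def scan_workflow(text: str) -> List[Tuple[int, str]]:
    """Scan workflow YAML text; only the content of `run:` steps is inspected,
    so the same expression placed under `env:` is not reported."""
    findings: List[Tuple[int, str]] = []
    in_block, key_col = False, 0
    for lineno, line in enumerate(text.splitlines(), 1):
        if in_block:
            indent = len(line) - len(line.lstrip())
            if line.strip() and indent <= key_col:
                in_block = False  # block scalar ended; re-examine this line
            else:
                findings.extend(_check(lineno, line))
                continue
        m = RUN_RE.match(line)
        if not m:
            continue
        key_col = len(m.group(1)) + len(m.group(2) or "")
        value = m.group(3)
        if value.startswith(("|", ">")):
            in_block = True  # multi-line script follows, indented past `run:`
        else:
            findings.extend(_check(lineno, value))
    return findings


# Constructed example: issue fields are expanded straight into Python source.
# The quoted heredoc does not help, since expansion precedes the shell.
VULNERABLE_WORKFLOW = """\
name: triage
on:
  issues:
    types: [opened]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Parse issue
        run: |
          python - <<'EOF'
          title = "${{ github.event.issue.title }}"
          body = "${{ github.event.issue.body }}"
          print(len(body))
          EOF
"""

# Constructed hardened form: the same data reaches the script as environment
# variables, so it is data, never code.
HARDENED_WORKFLOW = """\
name: triage
on:
  issues:
    types: [opened]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Parse issue
        env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
          ISSUE_BODY: ${{ github.event.issue.body }}
        run: |
          python - <<'EOF'
          import os
          title = os.environ["ISSUE_TITLE"]
          body = os.environ["ISSUE_BODY"]
          print(len(body))
          EOF
"""

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, scan_workflow(wf))
```

Run as a pre-merge check over `.github/workflows/*.yml`; a non-empty result on the vulnerable sample points at the two lines where issue text is spliced into the Python source, while the hardened sample yields nothing because the expressions live under `env:`. Pairing this with a least-privilege `permissions:` block on the job limits what a leaked GITHUB_TOKEN could do even if such an injection slipped through.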

Key Entities

  • Remote Code Execution (attack_type)
  • Supply Chain Attack (attack_type)
  • OpenAI (company)
  • North Korea (country)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-94 - Code Injection (cwe)
  • T1059.006 - Python (mitre_attack)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • GitHub (platform)
  • MacOS (platform)
  • Windows (platform)
  • GitHub Actions (tool)