Critical Vulnerability in Claude Code GitHub Actions Exposes Repositories to Attacks

Critical Vulnerability in Claude Code GitHub Actions Exposes Repositories to Attacks

First seen 2 Jun 2026, 14:56 UTC CybersecuritynewsGbhackersLetsdatascienceThenextwebflatt.tech+7 84% similarity 72.6

Article Content

Browse articles
ThreatCluster

A critical supply chain vulnerability in Claude Code’s GitHub Actions, identified by security researcher Ryota K from GMO Flat Security, allows attackers to compromise any repository using Anthropic’s CI/CD workflow. The flaw is due to a flawed permission model that enables bypassing of permission controls, exposing thousands of repositories to full compromise through a single malicious GitHub issue. The vulnerability has been patched in version 1.0.94 of Claude Code GitHub Actions. The impact is significant, potentially affecting Anthropic’s own infrastructure. Users are urged to update their systems to mitigate this risk. The vulnerability highlights serious concerns regarding supply chain security in CI/CD environments.

Key Points: • A critical vulnerability in Claude Code GitHub Actions allows full repository compromise. • The flaw stems from a flawed permission model, enabling attackers to bypass controls. • The vulnerability has been patched in version 1.0.94, and users are advised to update.

ThreatCluster AI

Timeline

2026-06-02
Vulnerability disclosed
Ryota K from GMO Flat Security disclosed a critical supply chain vulnerability in Claude Code GitHub Actions, affecting thousands of repositories.
Cybersecuritynews
2026-06-02
Patch released
Claude Code GitHub Actions version 1.0.94 was released to address the identified vulnerabilities.
Gbhackers

Community

Browse all →