The CI/CD workflow weakness affects Microsoft's Azure Sentinel, Google's AI Agent Development Kit, Apache's Doris analytics database, Cloudflare's Workers SDK, and Python Software Foundation's Black.

June 23, 2026

A new class of CI/CD workflow weakness enables attackers to use malicious pull requests to compromise software supply chains.

Elad Meged, founding engineer and security researcher at penetration-testing firm Novee, published a blog post today covering a weakness dubbed "Cordyceps" that exists across code repositories at organizations large and small. The issue behind Cordyceps involves pull requests, the requests developers submit when they want a code change merged into a project's main repository.

Pull requests are, by design, open to any developer who wants to contribute to an open source project, while merges are generally approved by a small group of maintainers or administrators so that the main branch is updated safely. Novee alleges that the automated CI/CD workflows present in many repositories (the pipelines that run between a pull request being opened and the change being merged) are weak from an access-control standpoint: a workflow triggered by an untrusted contributor's pull request can run with more privileges than that contributor should have, and attackers can exploit this to push malicious changes downstream to users of the affected software.