Storia in 5 fonti

Claude Code GitHub Action flaw enabled repository hijacking

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

Raccontata da

Confronto fonti

5 prospettive sulla stessa storia

AI · summaries

thenextweb.comStai leggendo3 g fa

Claude Code GitHub Action flaw enabled repository hijacking

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

originale

Timeline cronologica

mercoledì 3 giugno 2026·dev.to
Comment and Control: a GitHub comment hijacks Claude Code in CI
A security researcher showed that a GitHub PR title, issue body, or comment could become a prompt...
giovedì 4 giugno 2026·thenextweb.com
Claude Code GitHub Action flaw enabled repository hijacking
A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

thehackernews.com

3 g fa

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and gain write access to repos.

Leggi questa versione → originale

decrypt.co1 g fa

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft - Decrypt

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software development pipelines.

Leggi questa versione → originale

hwupgrade.it2 g fa

Claude Code, una sola issue su GitHub poteva dirottare qualunque repository

Una singola issue aperta da una finta GitHub App poteva aggirare i controlli della Claude Code GitHub Action e rubare via prompt injection i token per ottenere accesso in scrittura a qualunque repository. Anthropic ha…

Leggi questa versione → originale

dev.to4 g fa

Comment and Control: a GitHub comment hijacks Claude Code in CI

GitHub comments could hijack Claude Code in CI and exfiltrate secrets via prompt injection; Anthropic rated it CVSS 9.4 Critical. The flaw is structural: agents read untrusted input. The fix is firewall tool calls with Clampd to block recon and exfiltration.

Leggi questa versione → originale

giovedì 4 giugno 2026·

thehackernews.com

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and gain write access to repos.

venerdì 5 giugno 2026·

dev.to

One Malicious GitHub Issue Was All It Took to Hijack a Claude Code Agent

A researcher disclosed a vulnerability in the Claude Code GitHub Action that let an attacker submit a...

venerdì 5 giugno 2026·

hwupgrade.it

Claude Code, una sola issue su GitHub poteva dirottare qualunque repository

Una singola issue aperta da una finta GitHub App poteva aggirare i controlli della Claude Code GitHub Action e rubare via prompt injection i token per ottenere accesso in…

sabato 6 giugno 2026·

decrypt.co

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft - Decrypt

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software development pipelines.