CRITICAL ⚡ MUST-KNOW
Claude Code GitHub Action Flaw Enabled Single-Issue Repository Takeover
Researcher RyotaK (GMO) disclosed a flaw in Anthropic’s Claude Code GitHub Action that allowed an attacker to take over any public repository running it by opening a single malicious GitHub issue. Because Anthropic’s own action repository used the same vulnerable workflow, a working exploit could have injected malicious code into the action itself and propagated downstream to every project consuming it as a dependency. Anthropic has patched the vulnerability. Organizations using the Claude Code GitHub Action should verify they are pinned to a patched version and audit recent workflow runs for unexpected commits or permission changes.