Claude Code GitHub Action Flaw Could Hijack Repos via Issue

Critical Flaw in Claude Code GitHub Action Exposed Repositories to Takeover

A security vulnerability discovered in Anthropic's Claude Code GitHub Action has raised alarms across the developer community. The flaw, identified by researcher RyotaK of GMO, allowed an attacker to seize control of vulnerable public repositories that were using the action—simply by opening a single GitHub issue.

According to recent reports, the issue stemmed from how the action processed inputs from GitHub issues. By crafting a malicious issue comment, an attacker could inject arbitrary commands into the workflow execution environment. This effectively gave them the same permissions as the action itself, including write access to the repository.

Potential for Widespread Damage

The danger was amplified because Anthropic's own repository for the Claude Code Action employed the same vulnerable workflow. If exploited, an attacker could have pushed malicious code directly into the action's source code. Any project that pulled the action from that repository would then be compromised, creating a supply chain attack with far-reaching consequences.

Mitigation and Response

Upon disclosure, Anthropic quickly patched the vulnerability by hardening the input validation and restricting the action's permissions. Users are strongly advised to update to the latest version of the Claude Code GitHub Action immediately. Additionally, repository maintainers should review their workflow configurations to ensure they are not inadvertently exposing their projects to similar risks.

This incident serves as a stark reminder of the security challenges inherent in automated CI/CD pipelines, especially when actions process untrusted input from public sources like issues or pull requests.