Microsoft fixed a critical flaw in one of its public GitHub repositories that enabled anyone with a GitHub account to achieve remote code execution (RCE) by opening an issue on the repo, Tenable reported in an advisory Tuesday.The issue affected the Windows-driver-samples repository, which has about 7,700 stars and 5,000 forks on GitHub. An attacker could have executed arbitrary Python code in the context of the GitHub runner, potentially extracting the GITHUB_TOKEN secret for the repo, Tenable Staff Research Engineer Rémy Marot explained in a statement provided to SC Media.A GitHub Actions workflow caused the body of any issue created on the repo to be directly inserted into a Python here-doc without sanitization, Tenable said. An attacker could have used triple-quote string terminators to escape the string literal, injecting Python code to be executed.This could have allowed exfiltration of the temporary GITHUB_TOKEN secret, which at minimum could have enabled issue creation on behalf of Microsoft. While Microsoft did not confirm the exact token permissions, Tenable researchers noted the default configuration of tokens on repos created before 2023 allowed for read and write operations. Tenable assessed the flaw at a CVSS base score of 9.3, with Marot saying exploitation would have been “trivial” as anyone with a free registered GitHub account could have submitted a malicious issue. The flaw was reported by Tenable in February 2026 and fixed by Microsoft on March 13, 2026. Tenable says the incident highlights the importance of securing continuous integration and continuous delivery (CI/CD) pipelines to prevent supply chain compromise, including by auditing workflows such as GitHub Actions for vulnerabilities ormisconfigurations, and reviewing permissions for secrets such as GITHUB_TOKEN to avoid unnecessary read/write permissions.“The CI/CD infrastructure is part of an organization’s attack surface and software supply chain, requiring strict security controls to protect source code and build integrity,” Marot said.OpenAI recently reported that a misconfiguration in a GitHub Actions workflow resulted in the installation and execution of a malicious axios version, potentially affecting OpenAI’s macOS app-signing process. In this case, a floating tag and lack of a configured minimumReleaseAge caused the malicious version to be automatically installed when the package was temporarily compromised in a North Korea-linked attack.
Vulnerability Management, Supply chain, DevSecOps, Application security
Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission
(Credit: Photo Agency – stock.adobe.com)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds