{"data":{"id":"557efeb3-bcdd-41d0-aefa-c0c14745328d","title":"Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories","summary":"A security flaw in Anthropic's Claude Code GitHub Action allowed attackers to hijack repositories by opening a single malicious GitHub issue that exploited a broken permission check and indirect prompt injection (tricking an AI by hiding instructions in its input). The vulnerability let attackers steal credentials that grant write access to code and workflows, potentially poisoning the Claude Code Action itself for downstream projects that use it.","solution":"Update to claude-code-action v1.0.94 or later. Then audit any workflow that lets bots, or users without write access, trigger Claude: if it takes untrusted input, restrict the secrets it can reach to the Anthropic API key and GITHUB_TOKEN, and remove any tools and permissions that could be used to exfiltrate data.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/06/claude-code-github-action-flaw-let-one.html","publishedAt":"2026-06-04T15:15:26.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude Code","Claude GitHub Action","Cline"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-04T15:15:26.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}