{"data":{"id":"62b64956-a26d-4070-aca1-7761af080367","title":"GHSA-8q5r-mmjf-575q: Claude Code Action: Malicious MCP Server Configuration in PRs Enables Remote Code Execution and Secret Exfiltration","summary":"A vulnerability in Claude Code Action allowed attackers to run arbitrary code on GitHub Actions runners and steal secrets by creating a pull request with a malicious `.mcp.json` file (a configuration file that tells the system which external tools to enable). The problem occurred because the action automatically checked out the attacker's code, read the malicious configuration file, and unconditionally enabled all project MCP servers (integrations with external tools) without validation.","solution":"Update claude-code-action to the latest version. Users referencing anthropics/claude-code-action@v1, anthropics/claude-code-action@beta, anthropics/claude-code-action@main, or other non-pinned tags will have already received this fix.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-8q5r-mmjf-575q","publishedAt":"2026-06-10T19:33:48.000Z","cveId":"CVE-2026-47751","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["anthropics/claude-code-action@< 1.0.74 (fixed: 1.0.74)"],"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude Code Action"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-10T19:33:48.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}