SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Flux result 5b734eba 1444 4464 96e8 27cf5fa2f10a
#
DevOps
#
Cloud Security
#
Application Security

Tenable flags Microsoft GitHub workflow flaw exposing code

Wed, 22nd Apr 2026 (Yesterday)
Author image
By Sean Mitchell, Publisher

Tenable has disclosed a critical vulnerability in Microsoft's Windows-driver-samples GitHub repository that exposed a path to remote code execution through the repository's GitHub workflow.

The issue, which Tenable rated at 9.3 on the CVSSv4 scale, could have allowed attackers to access repository secrets and act using Microsoft's GitHub token. The repository is widely used by developers, with more than 7,700 stars and about 5,000 forks.

According to Tenable, the weakness was in a GitHub Actions workflow linked to the repository. Researchers identified a Python string injection flaw that could be triggered through GitHub's issue feature, which is open to registered users.

An attacker would only need to open a GitHub issue containing malicious Python code in the description. The workflow would then run automatically when the issue was created, executing the code on the GitHub runner and allowing the attacker to extract the GITHUB_TOKEN and possibly other secrets configured in the repository.

Attack route

The exploit path was straightforward because it relied on normal GitHub repository functions rather than privileged access. An external user could move from submitting an issue to running code in the CI/CD environment if the workflow handled user input insecurely.

A stolen GITHUB_TOKEN could have allowed an attacker to act on the repository's behalf. Because the repository was created before GitHub's 2023 changes, Tenable inferred that the token likely retained broad default read and write permissions unless those permissions had been explicitly reduced in the workflow.

That, in turn, could have enabled an unauthorised user to carry out privileged actions in the Microsoft repository, including creating issues or changing repository content. Tenable warned that this created a potential software supply chain risk because code repositories and automated build pipelines sit upstream of software development and distribution.

The findings add to broader concerns across the cyber security sector about weaknesses in CI/CD environments. Automated pipelines are now a standard part of software development, but researchers have increasingly warned that misconfigured workflows can give attackers a route into source code, secrets and release processes.

In this case, the repository is a prominent Microsoft code sample project used by developers working with Windows drivers. Highly visible repositories can attract attackers because a successful compromise may bring reputational damage and affect software artefacts and code used by others.

Research findings

The disclosure concerned the repository infrastructure rather than a flaw in Windows itself. Tenable assessed the risk as stemming from the repository's automation, specifically how external input could be passed into code execution inside a GitHub workflow.

Security teams often distinguish between application vulnerabilities and build pipeline vulnerabilities, but the latter can be just as serious because they may enable tampering before software reaches users. In recent years, software supply chain attacks have pushed organisations to tighten controls around source repositories, build systems and secrets management.

Tenable used the case to argue that CI/CD systems should be treated as critical infrastructure within software organisations. Recommended controls included tighter restrictions on token permissions, closer review of workflows triggered by public interaction and regular auditing for injection risks.

One recommendation was to explicitly define and limit GITHUB_TOKEN permissions rather than rely on platform defaults. Another was to review automated jobs that process content supplied by outside users, such as issue text, pull request comments and other public inputs that may be incorporated into scripts.

Pipeline monitoring was also highlighted as a key safeguard. Organisations should inspect workflows for unsafe handling of user-controlled content, particularly where scripting languages can interpret injected strings as executable code.

"The CI/CD infrastructure is part of an organization's attack surface and software supply chain," said Rémy Marot, Staff Research Engineer at Tenable. "Without strong safeguards, a vulnerability in a pipeline can be exploited to trigger large-scale supply chain attacks and have critical impacts on downstream systems and users."

Related stories
Western Digital details sustainability gains amid AI demand
Claroty appoints John Ryan to lead global partner push
Gigamon launches AI tools as observability market grows
LevelBlue warns of GhostOps risk from rogue AI agents
Datadog launches GPU Monitoring to cut AI compute costs

Top stories

One-third of FIFA World Cup partners lack email protection
CrowdStrike expands Google Cloud security & wins award
Claude Code can leak secrets in public npm packages
Exabeam widens AI agent monitoring for Google tools
Check Point teams with Google Cloud on AI agent security