GitHub Actions RCE risk

GitHub Actions is the automation that runs code when a repository gets a new issue, pull request, or commit — and in one Microsoft repo, that automation could be hijacked by filing an issue. (tenable.com) Tenable said the flaw affected Microsoft’s public Windows-driver-samples repository, where an issue body was inserted directly into an inline Python script in a GitHub Actions workflow. The researchers said an attacker could break out of that string with triple quotes and make the runner execute arbitrary Python code. (tenable.com) The repository had about 7,700 stars and 5,000 forks when SC Media reported the disclosure on April 22, 2026. Tenable gave the bug a CVSS v4 score of 9.3 and said anyone with a standard GitHub account could have attempted exploitation. (scworld.com) A GitHub runner is the temporary machine that carries out those automation jobs, like a build server that wakes up, does work, and disappears. If untrusted text from an issue or pull request is pasted straight into a script, GitHub warns that the workflow can become vulnerable to script injection. (docs.github.com) GitHub also warns that workflow contexts can contain attacker-controlled input and should be treated as untrusted. Its documentation says the built-in GITHUB_TOKEN should be limited to the minimum permissions a job needs. (docs.github.com, docs.github.com) In this case, Tenable said the injected code could have exfiltrated secrets available to the workflow run, including the repository’s GITHUB_TOKEN. SC Media reported that, at minimum, that token could have let an attacker create issues as Microsoft, and Tenable said older repository defaults could also allow read and write operations. (tenable.com, scworld.com) Tenable’s timeline says it reported the bug to Microsoft on February 24, 2026, and Microsoft confirmed the fix on March 30 after a patch landed through pull request #1355. GitHub’s workflow history for the repository shows a March 13, 2026 merge of pull request #1355 into the main branch. (tenable.com, github.com) Microsoft’s repository is a reference library for Windows Driver Kit samples used by driver developers, which makes the exposure notable even though the flaw sat in automation rather than in shipped Windows code. Microsoft’s own documentation points developers to that GitHub repo for Windows driver samples. (learn.microsoft.com, github.com) The episode fits a broader pattern in GitHub Actions security: the weak point is often not the application code, but the workflow glued around it. GitHub’s secure-use guidance tells maintainers to separate trust boundaries, avoid feeding untrusted input into scripts, and apply least-privilege permissions to automation tokens. (docs.github.com, docs.github.com) Microsoft fixed this case before public disclosure, but the underlying lesson is simple: an issue form, a pull request title, or a comment can become executable input if a workflow treats user text like code. In GitHub Actions, the automation layer is part of the attack surface, not just the plumbing around it. (tenable.com, docs.github.com)