GitHub Actions is the most-targeted CI/CD platform in the world right now. Not because it's insecure by design, but because billions of automated workflows run on it daily, most with misconfigured permissions, mutable dependencies, and zero security review.
In 2026 alone: the Megalodon campaign poisoned thousands of repos in six hours. The TanStack cache poisoning attack published malicious packages with valid, signed provenance. The tj-actions/changed-files compromise exfiltrated secrets from thousands of repos in a single day.
All of them used GitHub Actions misconfigurations as the entry point.
The 7 misconfigurations covered:
- Overly permissive `GITHUB_TOKEN` — write-all is still the default for repos created before Feb 2023
- `pull_request_target` with untrusted code — the pattern behind the highest-impact GHA CVEs ever disclosed
- Unpinned third-party actions — `@v4` is mutable; one compromised repo and every workflow picks it up
- Expression injection (script injection) — `${{ github.event.pull_request.title }}` in a `run:` block is a shell injection vector
- Secrets in logs and artifacts — GitHub's masking only catches exact-match patterns; encoded values bypass it
- Shared caches across trust boundaries — how the TanStack attack actually worked
- Self-hosted runners without isolation — ephemeral by default on GitHub-hosted; not on yours
Plus a 5-minute hardening checklist and a one-command audit using zizmor.
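An added example (not from the original post, and not zizmor's code) of how three of the items above can be checked statically: it flags the `pull_request_target` trigger, `uses:` references not pinned to a full commit SHA, and `${{ github.event... }}` expressions that land inside a `run:` step. The sample workflow is constructed, and the function name `audit_workflow` and its line-based heuristics are assumptions made for illustration.

```python
import re

# Constructed sample workflow (not from any real repository).
SAMPLE = """\
name: ci
on: pull_request_target
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
      - name: Echo title
        run: echo "${{ github.event.pull_request.title }}"
      - name: Safe echo
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "$TITLE"
"""

USES = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
RUN = re.compile(r"^\s*(?:-\s*)?run:")
# Attacker-influenced contexts: github.event.* and github.head_ref.
EXPR = re.compile(r"\$\{\{\s*github\.(?:event\.|head_ref)[^}]*\}\}")
FULL_SHA = re.compile(r"@[0-9a-f]{40}$")
PR_TARGET = re.compile(r"^\s*(on:.*|-?\s*)pull_request_target\b")

def audit_workflow(text):
    """Return (line_no, rule) findings for one workflow file's text."""
    findings, run_col = [], None
    for no, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        # A non-blank line at or left of the run: key ends that step's script.
        if run_col is not None and line.strip() and indent <= run_col:
            run_col = None
        if RUN.match(line):
            run_col = line.index("run:")
        # Expressions are expanded into the script text before the shell runs.
        if run_col is not None and EXPR.search(line):
            findings.append((no, "expression-injection"))
        if PR_TARGET.match(line):
            findings.append((no, "pull_request_target"))
        u = USES.match(line)
        # Local actions and docker:// refs are skipped here (assumption).
        if u and not u.group(1).startswith(("./", "docker://")) \
                and not FULL_SHA.search(u.group(1)):
            findings.append((no, "unpinned-action"))
    return findings
```

The "Safe echo" step is not flagged because the expression is assigned to an environment variable and the shell only sees `$TITLE`, which is the usual fix for this class of injection.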
Full breakdown with code examples, fixes, and a copy-paste checklist: