JFrog flags 13 critical CI/CD flaws in GitHub workflows
JFrog has identified 13 vulnerabilities in continuous integration and delivery (CI/CD) workflows across well-known GitHub repositories, with 10 rated critical. The issues were detected and reported by its Security Research team, which worked with maintainers on fixes before disclosure.
The findings focus on weaknesses in CI/CD workflow configurations and related automation. JFrog used an internal tool called RepoHunter, described as an AI-driven security bot designed to identify vulnerable workflow patterns.
Several issues fall under a class of workflow attacks commonly known as "Pwn Requests". These attacks use malicious pull requests to abuse workflow behaviour, often when workflows handle untrusted pull request data unsafely.
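As an added illustration of the pattern behind Pwn Requests (this is not JFrog's RepoHunter and not code from the article): the widely documented form is a workflow on GitHub's `pull_request_target` trigger, which runs with the base repository's secrets, checking out the pull request's head. The heuristic Python check below flags that combination; the function name and the sample workflows are constructed for this example.

```python
import re

# Heuristic line-based check (no YAML parser): flag workflows that run on the
# privileged pull_request_target trigger AND check out the pull request's head.
HEAD_REF = re.compile(
    r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref|refs/pull/")

def scan_workflow(text):
    """Return [(line_number, message)] for risky checkout steps."""
    lines = [re.sub(r"(^|\s)#.*$", "", l) for l in text.splitlines()]
    if not any(re.search(r"\bpull_request_target\b", l) for l in lines):
        return []  # not the privileged PR trigger this check targets
    findings, in_checkout = [], False
    for number, line in enumerate(lines, 1):
        body = line.strip()
        if body.startswith("- "):  # a new step (or other list item) begins
            in_checkout = False
        if re.search(r"\buses:\s*actions/checkout@", body):
            in_checkout = True
        if in_checkout and re.search(r"\bref:", body) and HEAD_REF.search(body):
            findings.append((number, "privileged workflow checks out PR head"))
    return findings

# Constructed sample workflows, not taken from any repository in the article.
RISKY = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout PR
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
"""

LABEL_ONLY = """\
on: pull_request_target
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4  # default ref: the base branch
      - run: ./scripts/label.sh
"""

if __name__ == "__main__":
    print(scan_workflow(RISKY), scan_workflow(LABEL_ONLY))
```

A line-based heuristic like this misses head checkouts done with `git` commands inside `run` steps, so an empty result means no finding, not a safe workflow.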
Workflow exposure
CI/CD pipelines are now a standard part of modern development, automating tasks such as testing, building, and deployment after code changes. That automation can provide a direct route into sensitive systems when attackers can influence how a workflow runs.
The vulnerabilities could allow attackers to exfiltrate secrets from affected projects, including cloud credentials, signing keys, and deployment tokens. Such information could be used to push unauthorised code, tamper with released artefacts, or expand access into downstream environments that depend on the compromised project.
JFrog placed the risks in the context of recent supply chain incidents, citing the Shai-Hulud worm and the "S1ngularity" attack as examples of campaigns that targeted CI/CD weaknesses to poison software supply chains and steal secrets.
"This discovery is a wake-up call for the industry as it raises two critical concerns. First, CI/CD pipelines are now major risk points as attackers exploit open-source vulnerabilities, as demonstrated by the 13 identified 'Pwn Request' flaws, indicating a shift from direct package maintainer attacks to pipeline hijacking," said Shachar Menashe, vice president of Security Research at JFrog.
"Second, it proves the industry's reliance on trust-based automation is being exploited at scale. Our AI-research bot, RepoHunter, proves that when misused, AI technologies can severely damage global software supply chains. Attacks that once took months for bad actors to orchestrate can now be executed in days. This underscores the importance of equipping trustworthy parties with these tools to counter potential threats quickly," Menashe said.
Repositories affected
The vulnerabilities were found in CI/CD workflows across a range of widely used repositories. Examples include Ansible, used for IT automation, and QGIS, a geospatial mapping and data visualisation tool used in many organisations, including public sector bodies.
JFrog also cited repositories connected to standards and developer tooling, including a critical issue in a tc39 proposal repository related to JavaScript standardisation, as well as vulnerabilities in p4lang and typst.
Other affected projects named include Eclipse Theia, Petgraph Rust libraries, sdkman, telepresence, and others. JFrog said it worked with maintainers to remediate the issues responsibly.
JFrog argued that reliance on shared open-source components and automation increases downstream impact when a major project is compromised. It said the issues could have provided a route into environments that build on affected packages and workflows.
Ansible and payments
One of the clearest examples involved Ansible. JFrog said workflow flaws there could have enabled the hijacking of 29 packages, which it said collectively receive millions of downloads each month.
JFrog also pointed to the AI framework repositories Xorbitsai and Tencent/ncnn, which it described as linked to mobile payment use cases. It said these frameworks are used in WeChat Pay's ecosystem, which it put at 1.4 billion users.
AI-assisted attacks
JFrog said recent incidents show attackers increasingly using AI-assisted techniques against open-source repositories and their pipelines. It said seven additional repositories connected to Microsoft, DataDog, and the Cloud Native Computing Foundation, along with projects including Trivy, were "hit by AI-assisted techniques similar to RepoHunter".
JFrog said it has integrated its research techniques and findings into the JFrog Platform to help customers detect vulnerable workflow patterns that could lead to repository takeovers through CI/CD exploitation.