Claude Code flaw enables GitHub repository hijacking

Published on June 06, 2026 | Translated from Spanish

A vulnerability discovered in the GitHub Claude Code action allows a malicious file within an issue to compromise entire repositories. The flaw exposes sensitive data and allows unauthorized code modification. Any collaborator with repository access can exploit it, posing a serious risk to projects using this AI tool.

A GitHub repository interface being breached during a code review session, a malicious file disguised as a harmless attachment emerges from a glowing issue ticket, its code lines transforming into metallic chains that wrap around the repository structure, sensitive data streams leaking from exposed folders while unauthorized code injections flash red, the Claude Code AI tool icon shown as a compromised security shield nearby, cinematic cybersecurity visualization, dark mode terminal aesthetic, neon red and blue alert lighting, holographic data fragments floating, ultra-detailed UI elements, photorealistic technical render

Technical details of the vulnerability in Claude Code 🔍

The flaw lies in how Claude Code processes file attachments in issues. When uploading a specially crafted file, the action interprets it as valid commands, executing actions such as cloning the repository, extracting access tokens, and uploading data to external servers. It does not require elevated permissions; write permissions on issues are sufficient. GitHub has already notified developers, but the fix is not immediate for all affected projects.

The issue that took its job a bit too seriously 😅

Apparently, Claude Code confuses a file with a serious work plan. A simple issue with a malicious attachment and the AI becomes a butler for a data thief. The irony is that the tool designed to help develop code ends up handing over the keys to the repository. Now it's time to review every issue as if it were a letter bomb, but in code version.