India, April 22 -- The Tenable Research GitHub Advisory brings attention to a critical vulnerability discovered in a Microsoft GitHub repository, raising serious concerns about how modern development pipelines are secured. With a CVSS score of 9.3, the issue allowed unauthorized code execution and access to sensitive repository secrets, turning what looks like a routine workflow into a potential entry point for attackers.

At the centre of the issue is a vulnerable GitHub Actions workflow inside the Windows-driver-samples repository. This repository is widely used, with thousands of forks and stars, making it a high-value target. The advisory highlights how CI/CD systems, often seen as background automation tools, are now a direct part of...