취약점  ·  2026-07-17

Claude Code Action (GitHub Action) — 공격자 제어 PR 콘텐츠로 인한 MCP 설정 주입 및 코드 실행

취약점Medium 영향도GlobalCVE-2026-47751
Anthropic의 PR/문제에 대해 Claude Code를 실행하는 공
This is a supply-chain-style attack on CI/CD-integrated AI coding agents: any public repository using claude-code-action to auto-review external PRs could have its CI environment (secrets, tokens) compromised simply by a malicious pull request supplying a poisoned MCP config.
The action checked out attacker-controlled PR head branches and read .mcp.json plus other configuration files from the working directory via default setting sources, then unconditionally executed Claude Code CLI in that checked-out directory — allowing a malicious PR to plant a poisoned .mcp.json that gets loaded and executed by the action.
Claude Code Action (anthropics/claude-code-action) prior to 1.0.74
Upgrade to claude-code-action 1.0.74 or later, which restores trusted configuration from the PR's base branch before execution (restoreConfigFromBase). See GitHub commit 9ddce40de8c1ab71fb6303a125fdad0968dc1312.
Miggo Vulnerability DatabaseGitHub commit
라이브 피드에서 보기 AI 보안 및 거버넌스 관련 소식을 더 살펴보세요 — 매일 아침 업데이트.
피드 열기 →