AWS CodeBuild Vulnerability

EXECUTIVE SUMMARY

A security misconfiguration affecting AWS CodeBuild has been identified that may expose GitHub repositories and sensitive CI/CD secrets, creating a software supply chain attack risk. When CodeBuild projects are configured to automatically build untrusted pull requests or external forks without proper isolation, attackers can abuse the build environment to exfiltrate credentials or inject malicious code into build artifacts.
This issue does not stem from a software vulnerability but from insecure CI/CD trust boundaries and IAM misconfigurations, which can allow attackers to poison software builds and compromise downstream consumers.

  • Active Region: Global
  • Affected Sector: Software Development, Cloud Services
  • Affected Product: AWS CodeBuild (GitHub-integrated CI/CD pipelines)
  • Severity: High
  • Published Date: January 15, 2026

TECHNICAL DETAILS

  • Attack Vector: Remote exploitation via malicious pull requests or forked repositories submitted to GitHub projects integrated with AWS CodeBuild. No AWS authentication is required; attackers only need the ability to trigger an automated build.
  • Affected Components / Platforms: AWS CodeBuild projects integrated with GitHub or GitHub Enterprise across all AWS regions, especially pipelines configured to automatically build external pull requests.
  • Exploitation Impact: Successful exploitation can result in credential exfiltration……
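As an added example (not part of the report, and not AWS code), the check below audits a CodeBuild project description for the trust-boundary misconfigurations described above: pull-request builds open to any GitHub account, a buildspec read from the repository being built, privileged mode, and secrets held as plaintext environment variables. Both project dictionaries are constructed samples shaped like the entries returned by the CodeBuild BatchGetProjects API; the account IDs, names and paths in them are placeholders.

```python
# Constructed sample shaped like one entry of the CodeBuild BatchGetProjects response.
RISKY_PROJECT = {
    "name": "example-service-ci",
    "source": {"type": "GITHUB", "location": "https://github.com/example-org/example-service.git"},
    "environment": {"privilegedMode": True, "environmentVariables": [
        {"name": "DEPLOY_TOKEN", "value": "placeholder-value", "type": "PLAINTEXT"},
        {"name": "DB_PASSWORD", "value": "/prod/db/password", "type": "SECRETS_MANAGER"}]},
    # Every pull request, including ones from forks, triggers a build.
    "webhook": {"filterGroups": [[
        {"type": "EVENT", "pattern": "PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED"}]]},
}

# Same project with the trust boundary restored: builds only for listed GitHub account IDs
# (placeholders), buildspec pinned in the project, no privileged mode, secret via Secrets Manager.
HARDENED_PROJECT = {
    "name": "example-service-ci",
    "source": {"type": "GITHUB", "location": RISKY_PROJECT["source"]["location"],
               "buildspec": "version: 0.2\nphases:\n  build:\n    commands:\n      - make test"},
    "environment": {"privilegedMode": False, "environmentVariables": [
        {"name": "DEPLOY_TOKEN", "value": "/ci/deploy-token", "type": "SECRETS_MANAGER"}]},
    "webhook": {"filterGroups": [[
        {"type": "EVENT", "pattern": "PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED"},
        {"type": "ACTOR_ACCOUNT_ID", "pattern": "^(12345678|87654321)$"}]]},
}

PR_EVENTS = {"PULL_REQUEST_CREATED", "PULL_REQUEST_UPDATED", "PULL_REQUEST_REOPENED"}
SECRET_HINTS = ("SECRET", "TOKEN", "PASSWORD", "KEY")


def audit_project(project: dict) -> list[str]:
    """Return findings for the misconfigurations in the report; an empty list means none."""
    findings = []
    for group in project.get("webhook", {}).get("filterGroups", []):
        by_type = {f["type"]: f for f in group}
        events = {e.strip() for e in by_type.get("EVENT", {}).get("pattern", "").split(",")}
        if events & PR_EVENTS and "ACTOR_ACCOUNT_ID" not in by_type:
            findings.append("pull requests from any GitHub account trigger builds")
            break
    # A buildspec read from the repository can be rewritten by the pull request being built.
    if not project.get("source", {}).get("buildspec"):
        findings.append("buildspec comes from the repository, not the project definition")
    env = project.get("environment", {})
    if env.get("privilegedMode"):
        findings.append("privileged mode is enabled")
    for var in env.get("environmentVariables", []):
        if var.get("type", "PLAINTEXT") == "PLAINTEXT" and any(h in var["name"].upper() for h in SECRET_HINTS):
            findings.append(f"plaintext environment variable {var['name']} looks like a secret")
    return findings
```

The same function can be run over the live output of `aws codebuild batch-get-projects` to inventory which pipelines in an account build untrusted pull requests with deployment credentials in reach.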
