AWS CodeBuild Misconfiguration Enables Supply Chain Attack Path
Summary
A critical misconfiguration in AWS CodeBuild, dubbed CodeBreach, allowed attackers to exploit continuous integration pipelines and potentially inject malicious code into core AWS GitHub repositories, including the JavaScript SDK used by the AWS Console. The flaw stemmed from an unanchored regular expression filter in pull request triggers, enabling unauthenticated attackers to bypass security restrictions and escalate access to repository control. The vulnerability was disclosed by Wiz Research and addressed by AWS within 48 hours.
Timeline
- 15.01.2026 17:00 (1 article)
AWS CodeBuild Misconfiguration Enables Supply Chain Attack Path
Sources:
- CodeBuild Flaw Put AWS Console Supply Chain At Risk — www.infosecurity-magazine.com — 15.01.2026 17:00
Information Snippets
- The misconfiguration in AWS CodeBuild allowed unauthenticated attackers to inject malicious code into trusted repositories, potentially compromising the AWS Console.
  First reported: 15.01.2026 17:00 (1 source, 1 article)
  - CodeBuild Flaw Put AWS Console Supply Chain At Risk — www.infosecurity-magazine.com — 15.01.2026 17:00
- The vulnerability stemmed from an unanchored regular expression filter in pull request triggers, enabling attackers to bypass security restrictions.
  First reported: 15.01.2026 17:00 (1 source, 1 article)
  - CodeBuild Flaw Put AWS Console Supply Chain At Risk — www.infosecurity-magazine.com — 15.01.2026 17:00
- Wiz Research demonstrated a takeover of the aws/aws-sdk-js-v3 repository, gaining admin-level access through stolen credentials.
  First reported: 15.01.2026 17:00 (1 source, 1 article)
  - CodeBuild Flaw Put AWS Console Supply Chain At Risk — www.infosecurity-magazine.com — 15.01.2026 17:00
- AWS addressed the issue within 48 hours by anchoring the affected regex filters, revoking exposed credentials, and adding protections to prevent memory-based credential theft.
  First reported: 15.01.2026 17:00 (1 source, 1 article)
  - CodeBuild Flaw Put AWS Console Supply Chain At Risk — www.infosecurity-magazine.com — 15.01.2026 17:00
- AWS introduced a new Pull Request Comment Approval build gate to block untrusted builds by default.
  First reported: 15.01.2026 17:00 (1 source, 1 article)
  - CodeBuild Flaw Put AWS Console Supply Chain At Risk — www.infosecurity-magazine.com — 15.01.2026 17:00
- Wiz Research recommended that CodeBuild users block untrusted pull requests, use fine-grained GitHub tokens, and anchor webhook filter regex patterns.
  First reported: 15.01.2026 17:00 (1 source, 1 article)
  - CodeBuild Flaw Put AWS Console Supply Chain At Risk — www.infosecurity-magazine.com — 15.01.2026 17:00
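
The recommendation to anchor webhook filter regex patterns can be checked mechanically. The following is an added example, not code from the article, Wiz, or AWS: it audits a constructed set of CodeBuild webhook filter groups for actor-ID allowlists that still match when an allowed ID is embedded in a longer one. It assumes the filter is an `ACTOR_ACCOUNT_ID` allowlist of numeric IDs, models the service's matching with Python's `re.search`, and uses made-up IDs; `loosely_matched_ids`, `anchor_ids` and `audit_filter_groups` are hypothetical helper names.

```python
import re

# Constructed sample shaped like a CodeBuild project's webhook filterGroups.
SAMPLE_FILTER_GROUPS = [
    [{"type": "EVENT", "pattern": "PULL_REQUEST_CREATED"},
     {"type": "ACTOR_ACCOUNT_ID", "pattern": "100200|300400"}],        # unanchored
    [{"type": "EVENT", "pattern": "PULL_REQUEST_CREATED"},
     {"type": "ACTOR_ACCOUNT_ID", "pattern": "^(?:100200|300400)$"}],  # anchored
    [{"type": "EVENT", "pattern": "PULL_REQUEST_UPDATED"},
     {"type": "ACTOR_ACCOUNT_ID", "pattern": "^100200|300400$"}],      # half-anchored
]

def loosely_matched_ids(pattern):
    """IDs listed in `pattern` that also match as part of a longer ID.

    Assumes the pattern is an alternation of literal numeric IDs.
    """
    allowed = set(re.findall(r"\d+", pattern))
    loose = []
    for account_id in sorted(allowed):
        # Pad the ID on either side; skip probes that are themselves allowed.
        probes = [p for p in ("9" + account_id, account_id + "9") if p not in allowed]
        if any(re.search(pattern, probe) for probe in probes):
            loose.append(account_id)
    return loose

def anchor_ids(ids):
    """Build an allowlist that matches each ID exactly and nothing longer."""
    return "^(?:" + "|".join(re.escape(i) for i in ids) + ")$"

def audit_filter_groups(filter_groups):
    """Return (group index, pattern, loose IDs, suggested pattern) per finding."""
    findings = []
    for index, group in enumerate(filter_groups):
        for flt in group:
            if flt["type"] != "ACTOR_ACCOUNT_ID" or flt.get("excludeMatchedPattern"):
                continue
            loose = loosely_matched_ids(flt["pattern"])
            if loose:
                ids = sorted(set(re.findall(r"\d+", flt["pattern"])))
                findings.append((index, flt["pattern"], loose, anchor_ids(ids)))
    return findings

if __name__ == "__main__":
    for index, pattern, loose, fix in audit_filter_groups(SAMPLE_FILTER_GROUPS):
        print(f"group {index}: {pattern!r} also matches longer IDs containing "
              f"{loose}; use {fix!r}")
```

The half-anchored pattern in the third group is flagged because `^` and `$` bind to only one branch of the alternation each, so grouping the alternatives before anchoring is what closes the gap.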