Sydney, Australia. — March 6, 2026 — JFrog Ltd. (NASDAQ: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today announced its Security Research team was the first to detect, report, and help remediate 13 vulnerabilities, 10 of which are critical, in CI/CD workflows within well-known GitHub repositories. These were discovered using JFrog’s internal research tool, RepoHunter, an AI-research security research bot built to detect CI/CD workflow vulnerabilities.
The vulnerabilities discovered by the JFrog Security Research Team, by detecting vulnerable workflow patterns, are commonly referred to as “Pwn Requests”. The vulnerabilities were found in repositories such as Ansible, automation software trusted by millions of enterprise users, including Fortune 500 companies, and QGIS, a mapping and data visualisation tool often used by government organisations.
This type of vulnerability directly threatens infrastructure powering global financial systems, JavaScript standards, and critical AI infrastructure used by large enterprises and governments globally. This proactive discovery comes in the wake of the Shai-Hulud worm and the “S1ngularity” attack, both of which exploited similar CI/CD pipeline flaws to poison software supply chains and exfiltrate secrets.
“This discovery is a wake-up call for the industry as it raises two critical concerns. First, CI/CD pipelines are now major risk points as attackers exploit open-source vulnerabilities, as demonstrated by the 13 identified “Pwn Request” flaws, indicating a shift from direct package maintainer attacks to pipeline hijacking,” said Shachar Menashe, Vice President of Security Research, JFrog. “Second, it proves the industry’s reliance on trust-based automation is being exploited at scale. Our AI-research bot, RepoHunter, proves that when misused, AI technologies can severely damage global software supply chains. Attacks that once took months for bad actors to orchestrate can now be executed in days. This underscores the importance of equipping trustworthy parties with these tools to counter potential threats quickly.”
Packages & Workflows Under Attack
In modern software development, CI/CD pipelines have become the backbone of efficient, rapid software delivery. These automated systems streamline the journey from code commit to production, enabling organisations to ship features faster than ever. However, this has also made CI/CD pipelines one of the most attractive targets for sophisticated attackers, offering a direct path to the “keys to the kingdom.” Thus, the potential “blast radius” of these discoveries, if they were exploited, is vast.
What JFrog’s RepoHunter Prevented
By opening malicious pull requests that exploit unsanitised metadata or code, the vulnerabilities provide a direct pathway to exfiltrate critical secrets, including cloud credentials, signing keys, and deployment tokens. These secrets can be used directly to poison these same projects with malicious code and perform a software supply chain attack at scale.
The 13 new vulnerabilities discovered by JFrog’s RepoHunter impact important industry frameworks and use cases such as:
● Software Developer Supply Chain Workflows at Scale: The discovered flaws in Ansible could have enabled the hijacking of 29 packages, collectively driving millions of monthly downloads, potentially poisoning development environments for all downstream users.
● AI-Powered Mobile Payment Systems: Vulnerabilities were found in Xorbitsai and Tencent/ncnn – the AI frameworks powering WeChat Pay’s 1.4 billion users.
● Programming Language Toolchains: A critical vulnerability in a tc39 proposal repository, which could lead to compromising risks to trust in the JavaScript standardisation process itself, creating an ecosystem-wide downstream risk, as well as vulnerabilities in p4lang, typst.
● Global Governing Standards & Security Infrastructure: JFrog also uncovered and fixed vulnerabilities found in, Eclipse Theia, Petgraph rust libraries and sdkman (developer tools), QGIS (geospatial mapping), telepresence (CNCF open source tool), and more. These could have weakened companies’ software security, caused performance issues, data loss, etc. which would have negatively impacted user trust and compliance requirements. Protecting these frameworks is vital to ensure the integrity and reliability of services that directly affect end users in their daily lives.
Recently,7 more repositories belonging to Microsoft, DataDog, the CNCF, and popular open-source projects such as Trivy, were hit by AI-assisted techniques similar to RepoHunter, proving its efficacy and underscoring the importance of putting powerful AI technologies in the hands of “white hat hackers”.
These research techniques and findings have been embedded in the JFrog Platform to help customers detect vulnerable workflows that could cause open-source repository takeovers. JFrog worked closely with project maintainers to remediate these issues responsibly before disclosure. For a full technical breakdown of the vulnerabilities, discovery and remediation strategies, read this blog.
Techedge AI is a niche publication dedicated to keeping its audience at the forefront of the rapidly evolving AI technology landscape. With a sharp focus on emerging trends, groundbreaking innovations, and expert insights, we cover everything from C-suite interviews and industry news to in-depth articles, podcasts, press releases, and guest posts. Join us as we explore the AI technologies shaping tomorrow’s world.
