Security researchers have disclosed a critical vulnerability in CodeRabbit, a popular AI-powered code review platform, that enabled remote code execution (RCE) on production servers and unauthorized access to over one million repositories.
The vulnerability, discovered by researcher Nils Amiet and presented at Black Hat USA 2024, was responsibly disclosed and patched in January 2025.
https://cyberpress.org/rce-vulnerabilit ... ositories/