
The Cordyceps CI/CD misconfiguration weakness class affects 300+ high-profile GitHub repositories, including projects maintained by Microsoft (Azure Sentinel), Google (AI Agent Development Kit), Apache (Doris), Cloudflare (Workers SDK), and the Python Software Foundation (Black formatter). The root cause is misuse of the pull_request_target workflow trigger. Unlike pull_request, it runs in the context of the base repository, with access to repository secrets and a GITHUB_TOKEN that can carry write permissions. When such a workflow checks out and executes code from the pull request head (for example with ref: ${{ github.event.pull_request.head.sha }} followed by a dependency install or test run), any external contributor with a free GitHub account can run code of their choosing on the privileged runner and read those secrets. There is no CVE and no vendor patch, because the trigger behaves as documented; remediation is a workflow configuration change in every affected repository.
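The weak configuration beside its corrected form, as an added example that is not taken from the page or from any of the repositories it names. The workflow, job, step and secret names (including NPM_TOKEN) are assumptions for an imaginary Node project; the trigger semantics and checkout defaults are GitHub's documented behaviour.

```yaml
# BEFORE: the vulnerable pattern (hypothetical .github/workflows/pr-test.yml)
name: PR test (vulnerable)
on:
  pull_request_target:           # runs in the BASE repo context: secrets and a
    types: [opened, synchronize] # write-capable GITHUB_TOKEN are reachable
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Checks out the FORK's commit into the privileged job. Anything the
          # contributor controls (package.json scripts, tests, Makefile) now
          # executes with the secret below in its environment.
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci                # runs the fork's install/postinstall scripts
      - run: npm test              # runs the fork's test code
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}   # assumed secret, now exposed
---
# AFTER: untrusted code runs under pull_request only
# (hypothetical .github/workflows/pr-test.yml)
name: PR test
on:
  pull_request:                  # fork PRs: no secrets, read-only GITHUB_TOKEN
permissions:
  contents: read                 # explicit least privilege for the whole run
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4  # default ref is the PR merge commit; no
      - run: npm ci                # secrets exist in this context to steal
      - run: npm test
---
# AFTER: the one job that legitimately needs pull_request_target
# (hypothetical .github/workflows/pr-comment.yml)
# It never checks out or executes contributor-controlled code, and its token
# is scoped to the single permission the step needs.
name: PR welcome comment
on:
  pull_request_target:
    types: [opened]
permissions:
  pull-requests: write
jobs:
  comment:
    runs-on: ubuntu-latest
    steps:
      # No actions/checkout at all: with pull_request_target the default
      # checkout would be the base branch anyway, but omitting it removes the
      # temptation to add a head ref later.
      - run: gh pr comment "$PR_NUMBER" --body "Thanks, a maintainer will review this PR."
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
          # Event data is passed through env, not interpolated into the
          # script, so a crafted PR title or branch name cannot inject shell.
          PR_NUMBER: ${{ github.event.pull_request.number }}
```

To audit a repository for the pattern, list every workflow that triggers on pull_request_target and check whether it checks out or installs anything derived from github.event.pull_request.head (sha, ref, or repo); a job that needs only the PR metadata should not check out code at all, and a job that needs the contributor's code should run under pull_request, where no secrets are available.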

Author

Tech Jacks Solutions