A critical Time-of-Check-Time-of-Use vulnerability in Google Cloud Build's GitHub integration allowed attackers to hijack privileged CI/CD pipelines by exploiting a maintainer approval race condition. The $30,000-bounty flaw demonstrates how subtle timing gaps in DevOps toolchains can become dangerous privilege escalation vectors.