HIGH 8.2

CVE-2026-41249: CoreShop GitHub Actions RCE via Malicious Pull Request

CoreShop, a Pimcore-based eCommerce platform, contains a critical flaw in its GitHub Actions workflow configuration that allows attackers to execute arbitrary code on build infrastructure. The vulnerability stems from a workflow that accepts pull requests from untrusted sources but then executes scripts using code from those unverified pull requests. An attacker can simply submit a malicious pull request to trigger code execution on CoreShop's CI/CD runners, potentially compromising the build pipeline, stealing credentials, or injecting malicious code into releases.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Weaknesses (CWE)
CWE-94
Affected products
0 configuration(s)
Published / Modified
2026-06-04 / 2026-06-17

NVD description (verbatim)

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dangerously checks out the unverified code from the pull request head (`ref: ${{ github.event.pull_request.head.ref }}`). Subsequently, it executes a script (`bin/console`) from this untrusted checkout. This allows any external attacker to achieve Remote Code Execution (RCE) on the GitHub Actions runner simply by submitting a malicious Pull Request. Also known as a "Pwn Request" vulnerability. As of time of publication, `pull_request_target` is still in the file.

4 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CoreShop versions 5.0.1 through 5.1.0-beta.1 contain a Pwn Request vulnerability in their GitHub Actions workflow (`.github/workflows/static.yml`). The workflow uses the `pull_request_target` trigger—which grants elevated permissions and runs against the repository's main branch—but then checks out code directly from an untrusted pull request head via `ref: ${{ github.event.pull_request.head.ref }}`. This checkout is subsequently executed via the `bin/console` script without validation. The combination of elevated permissions, untrusted code checkout, and immediate script execution creates a direct path to Remote Code Execution (RCE) on the Actions runner. The root cause is CWE-94 (Code Injection), where attacker-controlled input is executed as code.

Business impact

Exploitation could allow an attacker to execute arbitrary commands on CoreShop's CI/CD infrastructure. Potential consequences include theft of repository secrets (API keys, signing certificates), injection of backdoored code into official releases, lateral movement to connected systems, or supply-chain compromise if malicious code reaches published packages. Organizations using CoreShop in affected versions risk deploying compromised software to their own production environments if they pull from affected releases.

Affected systems

CoreShop versions 5.0.1 through 5.1.0-beta.1 are vulnerable. The risk is highest for the CoreShop project's own build infrastructure; downstream users of CoreShop are at risk only if they deployed a compromised release or if they use the same vulnerable workflow pattern in their own CI/CD configurations. Organizations running older stable versions (5.0.0 and earlier) or patched versions after 5.1.0-beta.1 are not directly vulnerable to this specific workflow flaw.

Exploitability

This vulnerability is trivial to exploit. An attacker requires no authentication, special privileges, or user interaction—only the ability to submit a pull request to the CoreShop repository (or any fork with Actions enabled). The exploit path is straightforward: craft a malicious `bin/console` script or modify an existing one, submit a pull request, and code execution occurs automatically when the workflow runs. No CVSS modifier for user interaction or attack complexity is applied, reflecting the low barrier to exploitation.

Remediation

The CoreShop project should immediately remove the `pull_request_target` trigger or, if external PR feedback is required, avoid checking out and executing untrusted code. Safe alternatives include: (1) using `pull_request` trigger instead, which runs with limited permissions on a merge commit, or (2) if `pull_request_target` must be used, strictly validate or review PR changes before running any scripts, and never checkout the PR head ref directly. Verify that patches released after 5.1.0-beta.1 have addressed this configuration. Review the GitHub Actions workflow for any similar patterns that execute unverified code.

Patch guidance

Monitor CoreShop's official repository and security advisories for patched versions beyond 5.1.0-beta.1. When a patch is available, verify the release notes or workflow changes confirm removal or remediation of the `pull_request_target` vulnerability. Upgrade to the patched version as soon as it is available. If running CoreShop in development or CI/CD environments, audit your own Actions workflows to ensure they do not replicate this pattern.

Detection guidance

Scan your repositories for workflow files using `pull_request_target` that also check out `github.event.pull_request.head.ref` or equivalent untrusted refs. Tools like GitHub's Security tab, third-party CI/CD scanners, or manual code review of `.github/workflows/*.yml` can identify this anti-pattern. Monitor GitHub Actions run logs for unexpected script modifications or suspicious command execution. If you maintain a fork of CoreShop, audit your workflows immediately and disable or fix any that exhibit this vulnerability.

Why prioritize this

HIGH severity (CVSS 8.2) due to direct RCE on CI/CD infrastructure with no authentication required. While the KEV status is not currently assigned, the exploit is trivial and poses immediate supply-chain risk. Prioritize patching for any CoreShop instances used in production or development pipelines. Even if your organization does not directly run CoreShop, review similar patterns in your own GitHub Actions workflows to prevent self-inflicted compromise.

Risk score, explained

CVSS 3.1 score of 8.2 reflects High severity: Network-based attack (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and unchanged scope (S:U). The impact includes high confidentiality (C:H) due to potential credential theft and code inspection, low integrity impact (I:L) reflecting possible malicious code injection, and no availability impact (A:N) as the runner remains operational. The score correctly emphasizes the critical nature of CI/CD compromise without overstating direct downstream service availability risk.

Frequently asked questions

Can attackers use this vulnerability if CoreShop is running on my own infrastructure, not on GitHub Actions?

No. This vulnerability is specific to CoreShop's GitHub Actions workflow configuration. Self-hosted CoreShop installations are not affected by this CI/CD flaw. However, if you have copied CoreShop's workflow pattern into your own GitHub Actions, you could inadvertently create the same vulnerability in your own infrastructure.

If we use CoreShop but don't run our own builds, are we at risk?

If you download pre-built releases or Docker images from CoreShop's official registry, you are at risk only if a compromised release was published during the affected version window. Review release notes and integrity checks. The most direct risk is to organizations that build CoreShop from source using the vulnerable workflow or that run affected versions in development pipelines.

What is a 'Pwn Request' and why is it dangerous?

A Pwn Request is an attack on CI/CD pipelines that exploits the `pull_request_target` trigger. This trigger grants a pull request elevated permissions and execution context (main branch secrets and permissions), but the attacker's malicious code is executed as if it were trusted repository code. It is dangerous because it combines untrusted code with trusted permissions in a single atomic operation.

How should we configure GitHub Actions securely for external contributions?

Use the `pull_request` trigger (not `pull_request_target`) for workflows that don't need repository secrets—it runs with minimal permissions on an auto-generated merge commit of the PR. If you must use `pull_request_target`, never checkout `github.event.pull_request.head.ref` directly; instead, explicitly review, approve, and merge PRs manually before triggering sensitive workflows. Always separate approval from execution.

This analysis is based on the CVE description and publicly available GitHub Actions security guidance as of the publication date. Patch availability and version specifics should be verified against CoreShop's official repository and security advisories. Organizations should conduct their own risk assessment based on their use of CoreShop and exposure to untrusted pull requests. This document does not constitute legal or compliance advice. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).