HIGH 8.2

CVE-2026-44358

Espressif's Shared GitHub DangerJS Action, a reusable CI workflow component, contains a privilege escalation vulnerability in versions prior to 1.0.1. When processing pull requests from forks, the action's entrypoint script executes DangerJS from an untrusted search path after copying fork code into the working directory. This allows fork-supplied code to run inside the action container with the permissions of the workflow, rather than the action's own trusted code. An attacker can exploit this by submitting a malicious pull request from a fork, causing arbitrary code execution in the CI/CD environment.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Weaknesses (CWE)
CWE-427, CWE-829
Affected products
0 configuration(s)
Published / Modified
2026-05-28 / 2026-06-17

NVD description (verbatim)

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary resolution and Node.js module resolution. A fork pull request processed by a pull_request_target workflow could therefore cause fork-supplied code to execute inside the action container in place of the action's own code. This vulnerability is fixed in 1.0.1.

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability stems from improper search path handling in entrypoint.sh. When a pull_request_target workflow processes a fork submission, the action copies the fork's checkout into the caller's workspace before invoking DangerJS. This creates an untrusted search path for both binary resolution (PATH environment variable) and Node.js module resolution (node_modules directories). An attacker-controlled fork can place malicious binaries or Node.js modules in predictable locations that will be discovered and executed in place of the legitimate action code. The issue affects the interaction between workflow context (which allows fork code access) and action execution context (which should run only trusted code). Fixed in version 1.0.1.

Business impact

This vulnerability directly threatens CI/CD pipeline integrity. Malicious pull requests can execute arbitrary code within the action container, potentially allowing attackers to: steal secrets and credentials stored in the workflow environment, compromise build artifacts, inject malicious code into repositories, modify CI/CD configurations, or pivot to downstream systems. Organizations using this action in pull_request_target workflows are at immediate risk, as fork pull requests are a common contribution mechanism. The impact is particularly severe because CI/CD systems often have broad access to source code, deployment credentials, and artifact storage.

Affected systems

Espressif Shared GitHub DangerJS Action versions prior to 1.0.1 are affected. This includes any GitHub Actions workflow that uses the action in a pull_request_target context to process fork contributions. Organizations using this action as a reusable workflow component for automated code review or validation are in scope. The action is specific to Espressif projects but may be used across multiple repositories or forks of Espressif codebases.

Exploitability

Exploitability is high. The vulnerability requires only network access and user interaction (opening a pull request), with no authentication or special privileges needed from the attacker. An attacker can craft a malicious fork with poisoned binaries or Node.js modules and submit a pull request. The pull_request_target workflow event automatically processes the pull request in the action's container, triggering the code execution. No patch installation or special configuration is required to exploit this; the flaw is inherent to how the action processes untrusted fork code.

Remediation

Update Espressif Shared GitHub DangerJS Action to version 1.0.1 or later. Organizations should audit their GitHub Actions workflows to identify all uses of this action, particularly those using pull_request_target events with fork processing enabled. After patching, validate that the action correctly isolates fork-supplied code from its own execution context. Consider implementing additional safeguards such as requiring pull request approval before workflow execution, using separate workflow files for fork processing, or restricting secrets access in pull_request_target workflows.

Patch guidance

Upgrade to version 1.0.1 of the Espressif Shared GitHub DangerJS Action. Update any workflow files that reference this action by changing the version pin to @1.0.1 or later (or @main if you track the default branch). Test the updated action in a non-production workflow first to ensure compatibility. Verify against the official Espressif repository to confirm the patch version and any associated release notes. After applying the patch, re-run recently processed pull requests from forks to ensure they do not contain injected artifacts.

Detection guidance

Review CI/CD logs for the action's execution to identify suspicious binary or module resolution behavior prior to the patch. Look for unexpected file access patterns in the action's working directory, particularly any execution of code from subdirectories created by fork checkouts. Monitor for pull requests from forks that modified entrypoint.sh, package.json, or similar files that could influence code resolution. Examine GitHub Actions run logs for unusual environment variable values (PATH, NODE_PATH) or error messages related to module resolution. If secrets were exfiltrated during a compromised run, rotate all credentials used by the workflow.

Why prioritize this

This vulnerability merits immediate attention due to its high CVSS score (8.2), network-based exploitability, and direct impact on CI/CD security. The attack surface includes any fork contributor, making it broadly exploitable. The consequence—arbitrary code execution in a privileged CI/CD context—can compromise source code integrity, build artifacts, and organizational secrets. Although not yet listed on the CISA KEV catalog, the simplicity of exploitation and severity of impact justify urgent patching.

Risk score, explained

CVSS 3.1 score of 8.2 (HIGH) reflects: network-based attack vector requiring only a fork pull request submission; low attack complexity with no special conditions; no privilege requirement from the attacker; user interaction needed (pull request review/merge, though automated in many workflows); scope change due to impact beyond the action itself (workflow-wide code execution); low confidentiality impact (secrets may be leaked but data exfiltration is secondary); high integrity impact (arbitrary code execution enables malicious modifications); no availability impact.

Frequently asked questions

Do I need to update if I don't use pull_request_target workflows?

The risk is highest with pull_request_target events, which explicitly allow fork code execution in the action container. However, review all workflows using this action. If you process fork pull requests in any way, update immediately. If you use only push events on main branches, risk is lower but you should still patch for defense-in-depth.

What does updating to 1.0.1 change in the action's behavior?

Version 1.0.1 fixes the untrusted search path vulnerability by ensuring DangerJS and its dependencies are resolved from trusted, action-controlled locations rather than the caller's workspace. This prevents fork-supplied binaries and Node.js modules from shadowing the legitimate action code. Update release notes should detail the specific path isolation improvements.

Can I detect if my workflows were already exploited?

Check GitHub Actions run logs for any pull requests from forks processed before patching. Look for unexpected files created in the workspace, unusual environment variable modifications, or signs of secret exfiltration in logs. If you have CI/CD secrets stored in environment variables or secrets storage, audit access logs and consider rotating all credentials used by affected workflows as a precaution.

Are there other CI/CD systems affected by similar vulnerabilities?

This specific vulnerability is tied to GitHub Actions and Espressif's action implementation. However, similar search path and code resolution issues can affect other CI/CD systems and reusable workflow components. Always review how third-party actions isolate untrusted fork code and ensure they do not inherit the caller's PATH or module search paths.

This analysis is provided for informational purposes and reflects the vulnerability description and CVSS score as published. Security teams should verify patch availability and version numbers against official Espressif repositories and GitHub release pages. The information herein does not constitute professional security advice; consult your organization's security team and vendor advisories for definitive guidance on patching timelines and workaround options. Real-world impact may vary based on workflow configuration, secrets management practices, and organizational CI/CD architecture. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).

Weaknesses (CWE)

Related vulnerabilities

  • CVE-2022-49036HIGH

    CVE-2022-49036: Synology Active Backup for Business Recovery Media Creator Arbitrary Code Execution

  • CVE-2022-49042HIGH

    CVE-2022-49042: Synology Hyper Backup Explorer Arbitrary Code Execution via MinGW DLL

  • CVE-2026-36574HIGH

    CVE-2026-36574: CactusViewer DLL Hijacking Vulnerability (CVSS 7.8 HIGH)

  • CVE-2018-25382HIGH

    CVE-2018-25382: Zechat 1.5 SQL Injection Vulnerability – Unauthenticated Database Access

  • CVE-2018-25383HIGH

    CVE-2018-25383: Free MP3 CD Ripper 2.8 Stack Overflow – ROP and DEP Bypass Risk

  • CVE-2018-25385HIGH

    CVE-2018-25385: Unauthenticated SQL Injection in E-Registrasi Pencak Silat 18.10

  • CVE-2018-25386HIGH

    CVE-2018-25386: SQL Injection in HaPe PKH 1.1 Admin Interface

  • CVE-2018-25388HIGH

    CVE-2018-25388: HaPe PKH 1.1 Arbitrary File Upload Vulnerability (CVSS 8.8)