CVE-2026-44358
Espressif's Shared GitHub DangerJS Action, a reusable CI workflow component, contains a privilege escalation vulnerability in versions prior to 1.0.1. When processing pull requests from forks, the action's entrypoint script executes DangerJS from an untrusted search path after copying fork code into the working directory. This allows fork-supplied code to run inside the action container with the permissions of the workflow, rather than the action's own trusted code. An attacker can exploit this by submitting a malicious pull request from a fork, causing arbitrary code execution in the CI/CD environment.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
- Weaknesses (CWE)
- CWE-427, CWE-829
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary resolution and Node.js module resolution. A fork pull request processed by a pull_request_target workflow could therefore cause fork-supplied code to execute inside the action container in place of the action's own code. This vulnerability is fixed in 1.0.1.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability stems from improper search path handling in entrypoint.sh. When a pull_request_target workflow processes a fork submission, the action copies the fork's checkout into the caller's workspace before invoking DangerJS. This creates an untrusted search path for both binary resolution (PATH environment variable) and Node.js module resolution (node_modules directories). An attacker-controlled fork can place malicious binaries or Node.js modules in predictable locations that will be discovered and executed in place of the legitimate action code. The issue affects the interaction between workflow context (which allows fork code access) and action execution context (which should run only trusted code). Fixed in version 1.0.1.
Business impact
This vulnerability directly threatens CI/CD pipeline integrity. Malicious pull requests can execute arbitrary code within the action container, potentially allowing attackers to: steal secrets and credentials stored in the workflow environment, compromise build artifacts, inject malicious code into repositories, modify CI/CD configurations, or pivot to downstream systems. Organizations using this action in pull_request_target workflows are at immediate risk, as fork pull requests are a common contribution mechanism. The impact is particularly severe because CI/CD systems often have broad access to source code, deployment credentials, and artifact storage.
Affected systems
Espressif Shared GitHub DangerJS Action versions prior to 1.0.1 are affected. This includes any GitHub Actions workflow that uses the action in a pull_request_target context to process fork contributions. Organizations using this action as a reusable workflow component for automated code review or validation are in scope. The action is specific to Espressif projects but may be used across multiple repositories or forks of Espressif codebases.
Exploitability
Exploitability is high. The vulnerability requires only network access and user interaction (opening a pull request), with no authentication or special privileges needed from the attacker. An attacker can craft a malicious fork with poisoned binaries or Node.js modules and submit a pull request. The pull_request_target workflow event automatically processes the pull request in the action's container, triggering the code execution. No patch installation or special configuration is required to exploit this; the flaw is inherent to how the action processes untrusted fork code.
Remediation
Update Espressif Shared GitHub DangerJS Action to version 1.0.1 or later. Organizations should audit their GitHub Actions workflows to identify all uses of this action, particularly those using pull_request_target events with fork processing enabled. After patching, validate that the action correctly isolates fork-supplied code from its own execution context. Consider implementing additional safeguards such as requiring pull request approval before workflow execution, using separate workflow files for fork processing, or restricting secrets access in pull_request_target workflows.
Patch guidance
Upgrade to version 1.0.1 of the Espressif Shared GitHub DangerJS Action. Update any workflow files that reference this action by changing the version pin to @1.0.1 or later (or @main if you track the default branch). Test the updated action in a non-production workflow first to ensure compatibility. Verify against the official Espressif repository to confirm the patch version and any associated release notes. After applying the patch, re-run recently processed pull requests from forks to ensure they do not contain injected artifacts.
Detection guidance
Review CI/CD logs for the action's execution to identify suspicious binary or module resolution behavior prior to the patch. Look for unexpected file access patterns in the action's working directory, particularly any execution of code from subdirectories created by fork checkouts. Monitor for pull requests from forks that modified entrypoint.sh, package.json, or similar files that could influence code resolution. Examine GitHub Actions run logs for unusual environment variable values (PATH, NODE_PATH) or error messages related to module resolution. If secrets were exfiltrated during a compromised run, rotate all credentials used by the workflow.
Why prioritize this
This vulnerability merits immediate attention due to its high CVSS score (8.2), network-based exploitability, and direct impact on CI/CD security. The attack surface includes any fork contributor, making it broadly exploitable. The consequence—arbitrary code execution in a privileged CI/CD context—can compromise source code integrity, build artifacts, and organizational secrets. Although not yet listed on the CISA KEV catalog, the simplicity of exploitation and severity of impact justify urgent patching.
Risk score, explained
CVSS 3.1 score of 8.2 (HIGH) reflects: network-based attack vector requiring only a fork pull request submission; low attack complexity with no special conditions; no privilege requirement from the attacker; user interaction needed (pull request review/merge, though automated in many workflows); scope change due to impact beyond the action itself (workflow-wide code execution); low confidentiality impact (secrets may be leaked but data exfiltration is secondary); high integrity impact (arbitrary code execution enables malicious modifications); no availability impact.
Frequently asked questions
Do I need to update if I don't use pull_request_target workflows?
The risk is highest with pull_request_target events, which explicitly allow fork code execution in the action container. However, review all workflows using this action. If you process fork pull requests in any way, update immediately. If you use only push events on main branches, risk is lower but you should still patch for defense-in-depth.
What does updating to 1.0.1 change in the action's behavior?
Version 1.0.1 fixes the untrusted search path vulnerability by ensuring DangerJS and its dependencies are resolved from trusted, action-controlled locations rather than the caller's workspace. This prevents fork-supplied binaries and Node.js modules from shadowing the legitimate action code. Update release notes should detail the specific path isolation improvements.
Can I detect if my workflows were already exploited?
Check GitHub Actions run logs for any pull requests from forks processed before patching. Look for unexpected files created in the workspace, unusual environment variable modifications, or signs of secret exfiltration in logs. If you have CI/CD secrets stored in environment variables or secrets storage, audit access logs and consider rotating all credentials used by affected workflows as a precaution.
Are there other CI/CD systems affected by similar vulnerabilities?
This specific vulnerability is tied to GitHub Actions and Espressif's action implementation. However, similar search path and code resolution issues can affect other CI/CD systems and reusable workflow components. Always review how third-party actions isolate untrusted fork code and ensure they do not inherit the caller's PATH or module search paths.
This analysis is provided for informational purposes and reflects the vulnerability description and CVSS score as published. Security teams should verify patch availability and version numbers against official Espressif repositories and GitHub release pages. The information herein does not constitute professional security advice; consult your organization's security team and vendor advisories for definitive guidance on patching timelines and workaround options. Real-world impact may vary based on workflow configuration, secrets management practices, and organizational CI/CD architecture. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Browse
Related vulnerabilities
- CVE-2022-49036HIGH
CVE-2022-49036: Synology Active Backup for Business Recovery Media Creator Arbitrary Code Execution
- CVE-2022-49042HIGH
CVE-2022-49042: Synology Hyper Backup Explorer Arbitrary Code Execution via MinGW DLL
- CVE-2026-36574HIGH
CVE-2026-36574: CactusViewer DLL Hijacking Vulnerability (CVSS 7.8 HIGH)
- CVE-2018-25382HIGH
CVE-2018-25382: Zechat 1.5 SQL Injection Vulnerability – Unauthenticated Database Access
- CVE-2018-25383HIGH
CVE-2018-25383: Free MP3 CD Ripper 2.8 Stack Overflow – ROP and DEP Bypass Risk
- CVE-2018-25385HIGH
CVE-2018-25385: Unauthenticated SQL Injection in E-Registrasi Pencak Silat 18.10
- CVE-2018-25386HIGH
CVE-2018-25386: SQL Injection in HaPe PKH 1.1 Admin Interface
- CVE-2018-25388HIGH
CVE-2018-25388: HaPe PKH 1.1 Arbitrary File Upload Vulnerability (CVSS 8.8)