CVE-2026-27941
Received Received - Intake
Privilege Escalation via pull_request_target in OpenLIT Workflows

Publication date: 2026-02-26

Last updated on: 2026-03-06

Assigner: GitHub, Inc.

Description
OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context of the base repository, including a write-privileged `GITHUB_TOKEN` and numerous sensitive secrets (API keys, database/vector store tokens, and a Google Cloud service account key). Version 1.37.1 contains a fix.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-26
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-02-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27941
EUVD
EUVD-2026-8804
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openlit openlit_software_development_kit From 1.36.2 (inc) to 1.37.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-27941 is a critical security vulnerability in the OpenLIT platform's GitHub Actions workflows. The issue arises from the insecure use of the `pull_request_target` event, which runs workflows with the base repository's security context, including access to sensitive secrets and a write-privileged `GITHUB_TOKEN`."}, {'type': 'paragraph', 'content': 'The workflows check out and execute code from forked pull requests, which are attacker-controlled. This means malicious code in a pull request can run with full access to secrets such as API keys, database tokens, and cloud service account keys.'}, {'type': 'paragraph', 'content': 'Specifically, workflows like Pylint, Python Tests, and OpenLIT Docker tests are affected. An attacker can inject malicious code that exfiltrates secrets, runs arbitrary cloud commands, and manipulates the repository using the exposed `GITHUB_TOKEN`.'}, {'type': 'paragraph', 'content': 'The vulnerability is classified as CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) and has a very high severity with a CVSS score of 9.9, reflecting its potential to compromise confidentiality, integrity, and availability.'}] [1]

Impact Analysis

This vulnerability can have severe impacts including the exfiltration of numerous sensitive secrets such as AI API keys, database credentials, and cloud service account keys.

An attacker can execute arbitrary code within the CI/CD pipeline, potentially gaining full control over the repository and associated cloud infrastructure.

Using the exposed `GITHUB_TOKEN`, an attacker can modify repository contents, create tags or releases, and perform supply-chain attacks, severely compromising the software development lifecycle.

Overall, the vulnerability poses a critical risk to the confidentiality, integrity, and availability of your codebase and cloud resources.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by auditing your GitHub Actions workflows for the insecure use of the `pull_request_target` event combined with checking out and executing untrusted code from forked pull requests.'}, {'type': 'list_item', 'content': 'Check if any workflow YAML files trigger on `pull_request_target` events.'}, {'type': 'list_item', 'content': 'Look for usage of `actions/checkout@v5` or similar actions that check out the pull request head commit (`ref: ${{ github.event.pull_request.head.sha }}`) in these workflows.'}, {'type': 'list_item', 'content': 'Inspect workflows for environment variables or secrets being set globally or during pull request runs.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect this pattern include:'}, {'type': 'list_item', 'content': "Use `grep -r 'pull_request_target' .github/workflows/` to find workflows triggered by `pull_request_target`."}, {'type': 'list_item', 'content': "Use `grep -r 'checkout' .github/workflows/` to find checkout steps, then verify if they use `ref: ${{ github.event.pull_request.head.sha }}`."}, {'type': 'list_item', 'content': "Review workflow files for environment variables or secrets usage with commands like `grep -r 'env:' .github/workflows/`."}] [1]

Mitigation Strategies

Immediate mitigation steps include modifying your GitHub Actions workflows to prevent execution of untrusted code with access to sensitive secrets.

  • Replace the `pull_request_target` event with the `pull_request` event in workflows that build, test, lint, or run pull request code.
  • Avoid checking out the pull request head commit (`github.event.pull_request.head.sha`) in workflows triggered by `pull_request_target`.
  • If `pull_request_target` must be used (e.g., for labeling), ensure no checkout or execution of pull request code occurs in those workflows.
  • Restrict `GITHUB_TOKEN` permissions to the least privilege necessary, especially limiting write access.
  • Scope environment variables containing secrets to non-pull request events to prevent exposure during pull request workflows.
  • Audit all workflows and branches for the vulnerable pattern and apply fixes accordingly.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27941. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart