Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-29075 is a high-severity vulnerability in the Mesa open-source Python library's GitHub Actions workflow file benchmarks.yml. In versions 3.5.0 and prior, the workflow uses the pull_request_target event to check out code from pull requests. This event runs with elevated permissions and checks out untrusted code from the PR branch. Because the workflow runs scripts like pip install and executes Python scripts from the PR branch, a malicious actor can craft code within the PR to execute arbitrary code on the privileged runner."}, {'type': 'paragraph', 'content': 'This arbitrary code execution can occur with elevated permissions because the runner has write access to issues and pull requests, potentially allowing unauthorized actions. The vulnerability arises from the combination of checking out untrusted code and running it with high privileges in the CI workflow.'}] [2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized code execution on the privileged GitHub Actions runner used by the Mesa project. Since the runner has write permissions to issues and pull requests, an attacker could exploit this to perform unauthorized actions such as modifying pull requests, creating or editing issues, or potentially injecting malicious code into the project.

The impact includes a significant security risk where an attacker can leverage the CI workflow to gain elevated privileges and compromise the integrity of the repository and its development process.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by examining the GitHub Actions workflows in the mesa/mesa repository, specifically looking for the use of the `pull_request_target` event in the `.github/workflows/benchmarks.yml` file. The presence of this event indicates that untrusted code from pull requests is checked out and executed with elevated permissions, which is the root cause of the vulnerability.

To detect if your system or network is affected, you can check the workflow file for the event trigger and permissions settings.

• Run a command to fetch and inspect the workflow file, for example: `curl -s https://raw.githubusercontent.com/mesa/mesa/main/.github/workflows/benchmarks.yml | grep pull_request_target`
• Check for the presence of `pull_request_target` event and permissions that allow write access, which indicate vulnerability.

Additionally, review recent commits to see if the patch commit `c35b8cd` has been applied, which mitigates the issue.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, update the GitHub Actions workflow to avoid running untrusted code with elevated permissions.

• Replace the `pull_request_target` event with the `pull_request` event in the `.github/workflows/benchmarks.yml` file to reduce permission scope.
• Split the benchmarking workflow into two separate workflows: one that runs benchmarks with read-only permissions triggered by `pull_request`, and another that handles commenting with write permissions triggered by `workflow_run`.
• Apply the patch introduced in commit `c35b8cd` which refactors the workflow to separate privileged operations from untrusted code execution.

These steps limit the exposure of privileged runners to untrusted code, preventing arbitrary code execution.

Useful 0 Not Useful 0