Compliance Impact

This vulnerability allows an attacker to execute arbitrary commands on the CI runner and exfiltrate the GITHUB_TOKEN, which could lead to unauthorized access and modification of the repository. Such unauthorized access and potential data exfiltration could impact compliance with standards and regulations that require protection of sensitive data and secure access controls, such as GDPR and HIPAA.

Specifically, the exfiltration of credentials and the ability to bypass code review processes may violate principles of data integrity, confidentiality, and accountability mandated by these regulations.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-44590 is a critical command injection vulnerability in the GitHub Actions workflow `validate_modified_targets.yml` of the sherlock-project/sherlock repository, affecting versions up to v0.16.0.

The flaw arises from the use of the `pull_request_target` trigger, which runs in the context of the base repository with access to secrets and write permissions. This workflow processes a JSON file from the pull request where an attacker can inject shell metacharacters into key names.

These injected keys are interpolated directly into a shell command using `${{ }}` syntax, enabling the attacker to execute arbitrary commands on the CI runner.

By exploiting this, any GitHub user can open a pull request to execute commands and exfiltrate the `GITHUB_TOKEN` without needing approval, review, or merge.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an attacker to execute arbitrary commands on the continuous integration (CI) runner and steal the `GITHUB_TOKEN`.

With the stolen token, the attacker can approve their own pull requests, bypassing code review and approval processes.

This can lead to unauthorized code changes, potential injection of malicious code, and compromise of the repository's integrity and security.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by reviewing the GitHub Actions workflows in the sherlock-project/sherlock repository, specifically looking for the presence of the `validate_modified_targets.yml` workflow using the `pull_request_target` trigger.

You can check if your repository is using a vulnerable version (up to v0.16.0) of the sherlock project and if the workflow interpolates JSON keys directly into shell commands using `${{ }}` syntax.

To detect potential exploitation or presence of the vulnerability, you can audit recent pull requests for suspicious command injection patterns in the `data.json` file or unusual activity involving the `GITHUB_TOKEN`.

There are no specific network commands provided in the resources, but you can manually inspect the workflow file with commands like:

• grep -A 10 'validate_modified_targets.yml' .github/workflows/validate_modified_targets.yml
• grep 'pull_request_target' .github/workflows/validate_modified_targets.yml
• grep '\${{.*}}' .github/workflows/validate_modified_targets.yml

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade the sherlock project to version 0.16.1 or later where the issue is fixed.

Modify the `validate_modified_targets.yml` workflow to replace the `${{ }}` interpolation of JSON keys with shell environment variables to prevent command injection.

Disable credential persistence in the workflow to prevent exfiltration of the `GITHUB_TOKEN`.

Avoid using the `pull_request_target` trigger for workflows that process untrusted input or secrets, or apply strict validation and sanitization of inputs.

Useful 0 Not Useful 0