CVE-2026-48546
KanaDojo Sandbox Escape via Node.js vm.runInNewContext

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: VulnCheck

Description
KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext() sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull request modifying messages.cjs to import arbitrary Node.js modules, bypassing sandbox restrictions and achieving remote code execution with full GitHub Actions runner privileges including access to AUTOMATION_PR_TOKEN.

Affected Vendors & Products

Vendor | Product | Version / Range
lingdojo | kana_dojo | to 0.1.18 (exc)

CWE ID | Description
CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Executive Summary

CVE-2026-48546 is a sandbox escape vulnerability in KanaDojo versions before 0.1.18. It occurs because the global require function is explicitly passed into a Node.js vm.runInNewContext() sandbox context within the issue-auto-respond.yml workflow.

An attacker can exploit this by submitting a pull request that modifies the messages.cjs file to import arbitrary Node.js modules. This bypasses the sandbox restrictions and allows the attacker to execute arbitrary code remotely.

Successful exploitation grants the attacker full GitHub Actions runner privileges, including access to sensitive tokens like AUTOMATION_PR_TOKEN.

Impact Analysis

This vulnerability can have severe impacts because it allows remote code execution with full privileges on the GitHub Actions runner.

  • Attackers can run arbitrary code on the runner environment.
  • They can access sensitive tokens such as AUTOMATION_PR_TOKEN, potentially leading to further unauthorized actions.
  • This could lead to compromise of the CI/CD pipeline, unauthorized code changes, data leakage, or further attacks on connected systems.

Detection Guidance

This vulnerability involves an attacker submitting a pull request that modifies the messages.cjs file to import arbitrary Node.js modules, exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext() sandbox context. Detection would involve monitoring for unusual or unauthorized pull requests that modify messages.cjs or related workflow files.

Additionally, inspecting the GitHub Actions workflows, specifically the issue-auto-respond.yml file, for the presence of the global require function passed into the sandbox context can help identify vulnerable configurations.

There are no explicit commands provided in the resources, but suggested approaches include:

  • Review recent pull requests for unexpected changes to messages.cjs.
  • Audit the .github/workflows/issue-auto-respond.yml file for usage of vm.runInNewContext() with the global require function.
  • Use git commands such as `git log -p -- .github/workflows/issue-auto-respond.yml` and `git log -p -- messages.cjs` to review changes.
  • Monitor GitHub Actions runner logs for suspicious activity or unexpected module imports.
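
One way to carry out the workflow audit suggested above, as an added example that is not KanaDojo's code or part of the advisory: a Node.js heuristic that flags vm context calls whose context object exposes require. The function names, the constructed sample, and the extra flagged names (process, global, globalThis) are assumptions of this example.

```javascript
// Added example (not KanaDojo code): heuristic audit for host capabilities
// handed to a node:vm context. It scans raw text, so it also covers script
// embedded in workflow YAML; it does not parse strings or comments.
const VM_CALL = /\b(?:runInNewContext|runInContext|createContext)\s*\(/g;
const RISKY = ['require', 'process', 'globalThis', 'global']; // list is an assumption

// Text between the bracket at index `open` and its matching close bracket.
function balanced(text, open) {
  const close = text[open] === '(' ? ')' : '}';
  let depth = 0;
  for (let i = open; i < text.length; i++) {
    if (text[i] === text[open]) depth++;
    else if (text[i] === close && --depth === 0) return text.slice(open + 1, i);
  }
  return text.slice(open + 1); // unbalanced input: inspect the remainder
}

// Risky names that appear as a key, shorthand property or value.
function riskyNames(objText) {
  return RISKY.filter((n) =>
    new RegExp(`(^|[\\s{,:])${n}\\s*(?=[,:}]|$)`).test(objText));
}

function auditVmContexts(text) {
  const findings = [];
  for (const m of text.matchAll(VM_CALL)) {
    const args = balanced(text, m.index + m[0].length - 1);
    const leaked = new Set(riskyNames(args));
    // Context passed by variable: check `name = { ... }` and `name.require = ...`.
    for (const id of new Set(args.match(/[A-Za-z_]\w*/g) || [])) {
      const decl = new RegExp(`\\b${id}\\s*=\\s*\\{`).exec(text);
      if (decl) {
        const obj = balanced(text, decl.index + decl[0].length - 1);
        riskyNames(obj).forEach((n) => leaked.add(n));
      }
      for (const n of RISKY) {
        if (new RegExp(`\\b${id}\\.${n}\\s*=[^=]`).test(text)) leaked.add(n);
      }
    }
    const line = text.slice(0, m.index).split('\n').length;
    if (leaked.size) findings.push({ line, leaked: [...leaked].sort() });
  }
  return findings;
}

// Constructed sample: a loader that hands `require` to the sandbox.
const SAMPLE = "const sandbox = { require, module: { exports: {} } };\n" +
  "vm.runInNewContext(source, sandbox);";
console.log(auditVmContexts(SAMPLE));
```

A clean result only means this text pattern was not found; a context built indirectly (spread, helper function, imported object) needs manual review.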

Mitigation Strategies

To mitigate this vulnerability, immediately update KanaDojo to version 0.1.18 or later, where the issue has been fixed.

The fix involves removing the global require function from the Node.js vm sandbox in the issue-auto-respond.yml workflow to prevent arbitrary code execution.

Additionally, the update replaces unsafe command execution methods to reduce risk of command injection.

  • Apply the patch or upgrade to KanaDojo v0.1.18 as released on GitHub.
  • Review and restrict pull request permissions to trusted contributors to reduce risk of malicious code injection.
  • Audit GitHub Actions workflows to ensure no unsafe functions like global require are passed into sandboxed contexts.