CVE-2026-45131 – CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests

admin
June 1, 2026
Wire

CVE ID :CVE-2026-45131

Published : June 1, 2026, 5:17 p.m. | 49 minutes ago

Description :CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens without requiring maintainer approval. This issue has been patched via commit fcf9302.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More

Related Posts

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

CVE-2026-55196 – Hermes WebUI < 0.51.409 – Unauthenticated Passkey Registration via Authentication Bypass

CVE-2026-53871 – Hermes WebUI < 0.51.368 – Profile-Scoped Authorization Bypass via Forged hermes_profile Cookie