CVE-2026-42603 Overview
CVE-2026-42603 is a code injection vulnerability in OWASP BLT, a quality assurance testing and vulnerability disclosure platform that covers websites, applications, and git repositories. Versions prior to 2.1.2 ship a GitHub Actions workflow at .github/workflows/pre-commit-fix.yaml that uses the privileged pull_request_target trigger. The workflow then checks out and executes code directly from the attacker-controlled fork. This combination allows untrusted pull request contributors to execute arbitrary code in a context with write permissions to the upstream repository. The issue is classified as [CWE-94] Improper Control of Generation of Code. Maintainers fixed the issue in version 2.1.2.
Critical Impact
Attackers can achieve remote code execution within the GitHub Actions runner and obtain write access to the OWASP BLT repository, enabling supply chain compromise.
Affected Products
- OWASP BLT versions prior to 2.1.2
- The vulnerable workflow file .github/workflows/pre-commit-fix.yaml
- Forks of OWASP BLT that retained the affected workflow
Discovery Timeline
- 2026-05-11 - CVE-2026-42603 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-42603
Vulnerability Analysis
The vulnerability stems from misuse of the GitHub Actions pull_request_target event trigger. Unlike the standard pull_request trigger, pull_request_target runs in the context of the base repository with access to repository secrets and a GITHUB_TOKEN that holds write permissions. GitHub documentation explicitly warns against checking out untrusted pull request code under this trigger.
The OWASP BLT workflow .github/workflows/pre-commit-fix.yaml violates that guidance. It checks out the head ref from the pull request, which points at the attacker's fork, and then executes pre-commit hooks defined in that fork. Any malicious script the attacker places in the fork executes inside the privileged runner. This is the classic "pwn request" pattern affecting GitHub Actions pipelines.
Root Cause
The root cause is the combination of a privileged workflow trigger with an unsafe checkout of attacker-controlled content. The workflow assumes contributor code is trustworthy while executing in a context that holds write credentials to the upstream repository.
Attack Vector
An external attacker forks the OWASP BLT repository, modifies pre-commit configuration or referenced scripts to include malicious commands, and opens a pull request against the upstream project. Opening the pull request triggers the workflow, which checks out the attacker's branch and runs the pre-commit logic with the upstream GITHUB_TOKEN. The attacker can exfiltrate secrets, push commits to protected branches, publish releases, or alter source code. User interaction is limited to opening the pull request, since no maintainer approval is required for pull_request_target runs on first-time contributors in many configurations.
See the GitHub Security Advisory GHSA-cgvj-qg2h-cqfh for the maintainer write-up.
Detection Methods for CVE-2026-42603
Indicators of Compromise
- Unexpected commits, tags, or releases authored by github-actions[bot] in the OWASP BLT repository
- Workflow runs of pre-commit-fix.yaml triggered by external pull requests that reference unfamiliar forks
- Outbound network connections from GitHub-hosted runners to attacker-controlled hosts during workflow execution
- New or rotated repository secrets, deploy keys, or personal access tokens shortly after suspicious workflow runs
Detection Strategies
- Audit all workflow files for the pull_request_target trigger combined with actions/checkout referencing github.event.pull_request.head.sha or head.ref
- Review GitHub Actions run logs for pre-commit-fix.yaml executions originating from forks prior to upgrading to 2.1.2
- Correlate repository write events (push, release, create) with the identity and timing of recent workflow runs
Monitoring Recommendations
- Enable GitHub audit log streaming to a SIEM and alert on workflow runs that modify protected branches or secrets
- Require maintainer approval for workflows from first-time contributors using the Require approval for all outside collaborators setting
- Monitor for changes to .github/workflows/ directories using branch protection and signed commit policies
How to Mitigate CVE-2026-42603
Immediate Actions Required
- Upgrade OWASP BLT to version 2.1.2 or later, which removes the unsafe checkout pattern
- Rotate any secrets, tokens, or deploy keys that were accessible to the vulnerable workflow
- Review repository commit history and release artifacts for unauthorized changes introduced through forked pull requests
Patch Information
The maintainers fixed CVE-2026-42603 in OWASP BLT 2.1.2. The fix removes execution of attacker-controlled code under the pull_request_target trigger. Refer to the GitHub Security Advisory GHSA-cgvj-qg2h-cqfh for the patch commit and release notes.
Workarounds
- Replace pull_request_target with the standard pull_request trigger when the workflow needs to execute contributor code
- If pull_request_target is required, check out only the base repository ref and never execute scripts from github.event.pull_request.head.*
- Restrict GITHUB_TOKEN permissions in the workflow to contents: read using a top-level permissions: block
- Disable or delete the pre-commit-fix.yaml workflow until the upgrade can be applied
# Configuration example: minimal-permission workflow trigger
name: pre-commit-fix
on:
pull_request:
branches: [ main ]
permissions:
contents: read
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- run: pre-commit run --all-files
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
