CVE-2026-45131 Overview
CVE-2026-45131 is a code injection vulnerability in the CloudPirates Open Source Helm Charts repository. The flaw resides in the pull-request.yaml GitHub Actions workflow, which executes attacker-controlled code from fork pull requests inside a privileged execution context. Any contributor can open a malicious pull request and trigger workflow code execution without maintainer approval. The privileged context exposes repository secrets, including Docker Hub credentials and CI tokens. Maintainers patched the issue in commit fcf9302. The vulnerability is tracked under CWE-94: Improper Control of Generation of Code.
Critical Impact
Unauthenticated attackers can exfiltrate Docker Hub credentials and CI tokens by submitting a malicious pull request from any fork.
Affected Products
- CloudPirates Open Source Helm Charts repository
- All commits prior to fcf9302
- The pull-request.yaml GitHub Actions workflow
Discovery Timeline
- 2026-06-01 - CVE-2026-45131 published to NVD
- 2026-06-01 - Last updated in NVD database
Technical Details for CVE-2026-45131
Vulnerability Analysis
The pull-request.yaml workflow uses a trigger that grants pull requests from forks access to repository secrets. GitHub Actions provides two pull request triggers: pull_request runs in an unprivileged context, while pull_request_target runs against the base repository with full secret access. When pull_request_target checks out and executes code from the head of a fork branch, attacker-supplied content runs with maintainer privileges.
In this case, the workflow checks out fork code and runs build or test steps that consume secrets.DOCKERHUB_TOKEN and related credentials. Attackers control the executed code through any file referenced by the workflow, such as scripts, Makefiles, or Helm chart manifests. Once the workflow runs, the attacker can read the secrets from process memory or environment variables and exfiltrate them over the network.
Root Cause
The root cause is the combination of a privileged workflow trigger with checkout of untrusted fork code. The workflow trusted pull request content that any GitHub user can modify, violating the separation between privileged automation and untrusted input. No maintainer approval gate existed before secret-bearing jobs ran.
Attack Vector
An attacker forks the repository, modifies a file consumed by the workflow, and opens a pull request against the base repository. The pull_request_target workflow triggers automatically, checks out the malicious branch, and executes the attacker payload with access to secrets.*. The payload reads the Docker Hub token and posts it to an attacker-controlled endpoint. The exfiltrated Docker Hub credentials allow the attacker to push malicious images to the project's container registry, enabling downstream supply chain attacks against Helm chart consumers.
Technical details are documented in GitHub Security Advisory GHSA-c47r-c7gw-cvph and the remediation commit.
Detection Methods for CVE-2026-45131
Indicators of Compromise
- Workflow runs of pull-request.yaml triggered by pull requests from forks before commit fcf9302.
- Outbound network connections from GitHub Actions runners to unknown hosts during pull request workflow execution.
- Unauthorized image pushes to the CloudPirates Docker Hub namespace from unfamiliar IP addresses or at unusual times.
- Use of DOCKERHUB_TOKEN or other repository secrets outside expected publish workflows.
Detection Strategies
- Audit GitHub Actions workflow run logs for fork pull requests that executed steps consuming secrets prior to the patch.
- Inspect Docker Hub audit logs for image pushes, tag changes, and token usage that do not align with maintainer activity.
- Review GitHub repository secret access logs and rotate any token used by the vulnerable workflow.
Monitoring Recommendations
- Enable GitHub Advanced Security and configure alerts for workflows that combine pull_request_target with actions/checkout of the pull request head.
- Forward GitHub audit logs and Docker Hub registry events into a centralized SIEM for correlation.
- Alert on first-time publisher identities pushing to production container registries.
How to Mitigate CVE-2026-45131
Immediate Actions Required
- Update the repository to commit fcf9302 or later, which removes the privileged execution of untrusted fork code.
- Rotate all secrets exposed to the vulnerable workflow, including DOCKERHUB_TOKEN and any GitHub personal access tokens stored in repository or organization secrets.
- Review all container images published from the repository since the workflow was introduced and revoke any that cannot be verified.
- Pin GitHub Actions to commit SHAs and enable required reviewer approval for workflow runs from first-time contributors.
Patch Information
The fix is available in commit fcf9302 of the CloudPirates Helm Charts repository. The patch restructures the workflow so that fork-supplied code no longer executes in a context with access to repository secrets. Consumers who fork or vendor this workflow must apply the equivalent change to their own copies.
Workarounds
- Replace pull_request_target with pull_request for any job that executes fork code, accepting the loss of secret access for those jobs.
- Split workflows so that secret-consuming steps only run on the base branch after merge, never against fork content.
- Require maintainer approval before workflows run on pull requests from first-time contributors using the repository setting under Actions > General.
# Configuration example: safe workflow trigger separation
on:
pull_request:
branches: [main]
push:
branches: [main]
jobs:
test:
# Runs on untrusted fork code WITHOUT secrets
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: helm lint charts/*
publish:
# Runs only on trusted base branch WITH secrets
if: github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Push image
env:
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
run: ./scripts/publish.sh
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
