CVE-2026-45132 Overview
CVE-2026-45132 affects CloudPirates Open Source Helm Charts, a collection of Helm charts distributed via GitHub. The vulnerability resides in the generate-schema.yaml GitHub Actions workflow. Prior to commit fcf9302, the workflow performs an unsafe checkout of fork-controlled code while exposing sensitive credentials, including a Personal Access Token (PAT) and an SSH signing key. Attackers can submit a pull request from a fork to trigger code execution within a privileged workflow context, leading to credential theft. The maintainers patched the issue in commit fcf9302. This issue is classified under CWE-94: Improper Control of Generation of Code.
Critical Impact
Successful exploitation lets a fork contributor steal repository credentials and SSH signing material, enabling supply chain tampering of published Helm charts.
Affected Products
- CloudPirates Open Source Helm Charts repository at commits prior to fcf9302
- The generate-schema.yaml GitHub Actions workflow
- Downstream consumers of CloudPirates-signed Helm chart artifacts
Discovery Timeline
- 2026-06-01 - CVE-2026-45132 published to NVD
- 2026-06-01 - Last updated in NVD database
Technical Details for CVE-2026-45132
Vulnerability Analysis
The flaw is a classic GitHub Actions pull_request_target style misconfiguration. The generate-schema.yaml workflow checks out code from a contributor fork and runs it with access to repository secrets. Because the checked-out code is attacker-controlled, any script invoked by the workflow inherits the elevated context. The workflow exposes a Personal Access Token used for repository write operations and an SSH signing key used to sign commits and releases. An attacker who controls a fork can read both secrets from the workflow environment and exfiltrate them. With the PAT, the attacker can push to the repository. With the signing key, the attacker can forge signatures that downstream Helm chart consumers treat as authentic.
Root Cause
The root cause is unsafe handling of untrusted input combined with privileged credential exposure. The workflow trusts code originating from forks during checkout, and it mounts secrets into the same job that executes that untrusted code. Neither isolation nor input validation separates the credential-handling step from contributor-controlled scripts.
Attack Vector
Exploitation requires no authentication beyond the ability to open a pull request, which GitHub permits to any user. The attacker forks the repository, modifies a script consumed by generate-schema.yaml, and opens a pull request. When the workflow triggers, the malicious code reads GITHUB_TOKEN, the configured PAT, and the SSH signing key from the runner environment and transmits them to an attacker-controlled endpoint. Refer to the GitHub Security Advisory GHSA-r874-j8fr-x2pj for the maintainer description.
Detection Methods for CVE-2026-45132
Indicators of Compromise
- Pull requests from unfamiliar forks that modify scripts referenced by generate-schema.yaml or related build files
- Outbound network connections from GitHub-hosted runners to unexpected domains during workflow execution
- Unexpected commits signed with the CloudPirates SSH signing key originating from non-maintainer accounts
- Use of the repository PAT from IP addresses or user agents outside the normal CI baseline
Detection Strategies
- Review GitHub Actions run logs for the generate-schema.yaml workflow executed on commits prior to fcf9302
- Audit GitHub audit log entries for PAT usage and SSH key operations during the exposure window
- Scan public paste sites and code search engines for fragments of the leaked PAT or SSH key material
- Inspect Helm chart release signatures against expected signer identity and commit history
Monitoring Recommendations
- Alert on any workflow that combines pull_request_target triggers with secret access
- Monitor signing key fingerprints used on published artifacts and compare against an allowlist
- Track new tags, releases, and branch protection rule changes in the repository for anomalies
How to Mitigate CVE-2026-45132
Immediate Actions Required
- Update the repository to commit fcf9302 or later, which contains the fix
- Revoke and rotate the Personal Access Token referenced by generate-schema.yaml
- Revoke and reissue the SSH signing key, then update allowed signers for downstream verification
- Review every workflow run of generate-schema.yaml since the workflow was introduced for signs of abuse
Patch Information
The maintainers fixed the vulnerability in commit fcf930211604652aec15085895b6457bc8b73b54. The patch removes unsafe checkout of fork-controlled refs from privileged workflow contexts and restructures credential handling so that secrets are not exposed to untrusted code paths.
Workarounds
- Disable the generate-schema.yaml workflow until the patched commit is deployed
- Restrict workflow execution on pull requests from forks via the repository Actions settings
- Split secret-using steps into a separate workflow triggered only on trusted refs, using pull_request rather than pull_request_target
- Store signing keys in a hardware-backed or cloud KMS service rather than as a raw GitHub secret
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
