CVE-2026-22869

Name of the Vulnerable Software and Affected Versions Eigent (affected versions not specified)

Description A critical security flaw exists in the CI workflow file (.github/workflows/ci.yml). This flaw permits arbitrary code execution originating from pull requests submitted from forked repositories that possess repository write permissions. The vulnerability stems from the use of the pull request target trigger in conjunction with the checkout of code from untrusted pull requests. Exploitation could allow an attacker to steal credentials, post comments, push code, or create releases.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.