PT-2026-28595 · Act · Act

Programmerjake · Published 2026-03-27 · Updated 2026-04-07 · CVE-2026-34042

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

act versions prior to 0.2.86

Description

act, a project for running GitHub Actions locally, has an issue where the built-in actions/cache server listens on all interfaces, potentially allowing unauthorized access from the internet. This allows attackers to create caches with arbitrary keys and retrieve existing caches. If an attacker can predict the cache keys used by local actions, they can create malicious caches containing arbitrary files, potentially leading to arbitrary remote code execution within the Docker container.

Recommendations

Update to version 0.2.86 or later.

Exploit

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2026-34042
GHSA-X34H-54CW-9825
GO-2026-4890
SUSE-SU-2026:1205-1

Affected Products

Act