PT-2026-39212 · Postiz · Postiz

Smiotani-Aeyesec · Published 2026-05-08 · Updated 2026-05-13 · CVE-2026-42298

CVSS v3.1: 10.0 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Postiz versions prior to commit da44801
Description: A Pwn Request issue in the "Build and Publish PR Docker Image" workflow (.github/workflows/pr-docker-build.yml) allows unauthenticated users to execute arbitrary code during the Docker build process. The workflow builds the pull request's own Dockerfile.dev while running with the repository's privileged GITHUB_TOKEN, so any GitHub account that opens a pull request from a fork containing a maliciously modified Dockerfile.dev gets code execution inside the build; no write access to the repository is required. That execution can be used to exfiltrate a highly privileged GITHUB_TOKEN with write-all permissions.
Recommendations: Update to the version containing commit da44801.
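The pattern the description refers to is a workflow that fires on a privileged event for pull requests from forks (pull_request_target is the usual one), checks out the pull request's head, and then runs something from that checkout with the base repository's token in scope. The following audit script is an added example, not code from the advisory or from the Postiz project: it scans a workflow file for that combination and reports the missing least-privilege controls. The two embedded workflows are constructed samples of a vulnerable shape and a hardened rewrite, not Postiz's actual pr-docker-build.yml, and the scan is line-oriented rather than a full YAML parse.

```python
import re

# Constructed sample shaped like the Pwn Request pattern (hypothetical, not the
# real Postiz workflow): privileged trigger, checkout of the fork's head commit,
# docker build of the fork's Dockerfile.dev, write-all token.
VULNERABLE_WORKFLOW = """\
name: Build and Publish PR Docker Image
on:
  pull_request_target:
    types: [opened, synchronize, reopened]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: docker build -f Dockerfile.dev -t pr-image .
"""

# Constructed hardened rewrite of the same job: plain pull_request (fork runs get a
# read-only token and no secrets), explicit read-only permissions, default checkout.
HARDENED_WORKFLOW = """\
name: Build PR Docker Image
on:
  pull_request:
    types: [opened, synchronize, reopened]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: docker build -f Dockerfile.dev -t pr-image .
"""

# Events that run with the base repository's secrets and GITHUB_TOKEN even when
# the triggering pull request comes from a fork.
PRIVILEGED_TRIGGERS = {"pull_request_target", "workflow_run", "issue_comment"}
PR_HEAD_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|refs/pull/.+?/(head|merge)")
BUILD_RE = re.compile(r"docker\s+build|docker\s+buildx\s+build|docker/build-push-action")


def top_level_blocks(text):
    """Group workflow lines under their unindented top-level key (on, permissions, jobs, ...)."""
    blocks, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.match(r"^([A-Za-z_][\w-]*):\s*(.*)$", line)
        if m:  # unindented key: start a new block, keeping any inline value
            current = m.group(1)
            blocks[current] = [m.group(2)] if m.group(2) else []
        elif current is not None:
            blocks[current].append(line)
    return blocks


def triggers(blocks):
    """Return the set of event names under `on:` (inline scalar/list or block form)."""
    lines = blocks.get("on", [])
    if lines and not lines[0].startswith(" "):  # on: push  /  on: [push, pull_request_target]
        return {t.strip() for t in lines[0].strip("[] ").split(",") if t.strip()}
    indents = [len(l) - len(l.lstrip()) for l in lines]
    base = min(indents, default=0)  # event names sit at the shallowest indent
    return {l.strip().rstrip(":") for l, i in zip(lines, indents) if i == base}


def audit_workflow(text):
    """Return a list of findings; an empty list means the Pwn Request shape was not seen."""
    blocks = top_level_blocks(text)
    findings = []
    privileged = triggers(blocks) & PRIVILEGED_TRIGGERS
    if not privileged:
        return findings  # a pull_request run from a fork has a read-only token and no secrets
    findings.append(f"privileged trigger(s) {sorted(privileged)}: job runs with the base repo GITHUB_TOKEN and secrets")
    if PR_HEAD_RE.search(text):
        findings.append("checks out the pull request head/merge ref: untrusted fork code enters the job")
        if BUILD_RE.search(text):
            findings.append("builds a Docker image from that checkout: the fork's Dockerfile executes arbitrary code during the build")
    perms = blocks.get("permissions", [])
    if not perms:
        findings.append("no top-level permissions: block; GITHUB_TOKEN falls back to the repository default")
    elif any("write" in p for p in perms):
        findings.append(f"permissions grant write scopes: {[p.strip() for p in perms]}")
    return findings


if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(label, audit_workflow(wf) or "no findings")
```

The hardened sample only builds; it cannot publish, which is the point: an image built from fork-controlled code should never be pushed by a job holding a write token. If publishing is needed, do it in a separate workflow that runs on trusted (merged) code. A production scanner would parse the YAML properly, also inspect job-level permissions and reusable workflow inputs, and treat a privileged trigger plus any use of PR-controlled input (not only checkout) as a finding.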

Fix

Commit da44801

Weakness Enumeration

Code Injection

Related Identifiers

CVE-2026-42298

Affected Products

Postiz