PT-2026-40433 · Nu-Net · Nu-Net

Published 2026-05-12 · Updated 2026-05-19 · CVE-2026-44246

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: nU-Net versions prior to 2.4.1

Description: The Issue Triage workflow in .github/workflows/issue-triage.yml is susceptible to Agentic Workflow Injection. The workflow assigns the allowed_non_write_users variable to ${{ github.event.issue.user.login }}, allowing any authenticated GitHub user who opens an issue to trigger the workflow with controlled content. Untrusted issue titles and bodies are embedded directly into the prompt of anthropics/claude-code-action, which executes a command-capable Claude agent with permissions to relabel and comment on issues via gh. An attacker can submit a crafted issue to manipulate the agent into performing actions beyond its intended triage purpose.

Recommendations: Update to version 2.4.1.
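
The following is an added example, not the project's workflow and not its 2.4.1 fix: a small audit that flags the two conditions the description names, an allowlist taken from the triggering event and issue title or body expressions inside the agent step. The workflow text, the `@REF` placeholder, the prompt wording and the function names are constructed for illustration, and `prompt` as the input name is an assumption.

```python
import re
# Constructed sample of the pattern the advisory describes, not the project's file.
# "@REF" is a placeholder ref and the prompt wording is invented for illustration.
RISKY = """\
on: {issues: {types: [opened]}}
jobs:
  triage:
    steps:
      - uses: anthropics/claude-code-action@REF
        with:
          allowed_non_write_users: ${{ github.event.issue.user.login }}
          prompt: |
            Triage this issue and label it with gh.
            Title: ${{ github.event.issue.title }}
            Body: ${{ github.event.issue.body }}
"""
# Constructed contrast (assumption, not the 2.4.1 fix): no allowlist input, issue number only.
RESTRICTED = "\n".join(
    line.replace("Title: ${{ github.event.issue.title }}", "Issue: ${{ github.event.issue.number }}")
    for line in RISKY.splitlines()
    if "allowed_non_write_users" not in line and "issue.body" not in line)

STEP = re.compile(r"^\s*-\s+(?:uses|name|run|id):")
ALLOW = re.compile(r"^\s*allowed_non_write_users:\s*(.+)$", re.M)
EXPR = re.compile(r"\$\{\{.*?\}\}")
UNTRUSTED = re.compile(r"\$\{\{\s*github\.event\.issue\.(title|body)\s*\}\}")

def steps(text):
    """Split workflow text into step blocks at list items that open a step."""
    blocks = []
    for line in text.splitlines():
        if STEP.match(line):
            blocks.append([])
        if blocks:
            blocks[-1].append(line)
    return ["\n".join(b) for b in blocks]

def audit(text):
    """Return findings for agent steps that any issue author can reach and steer."""
    findings = []
    for block in steps(text):
        if "anthropics/claude-code-action" not in block:
            continue
        allow = ALLOW.search(block)
        if allow and EXPR.search(allow.group(1)):
            findings.append("allowlist-from-event:" + allow.group(1).strip())
        for field in sorted(set(UNTRUSTED.findall(block))):
            findings.append("untrusted-in-agent-step:issue." + field)
    return findings
```

An empty result only means these two patterns are absent; an agent that reads the issue through gh still receives attacker-written text.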

Exploit

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2026-44246

Affected Products

Nu-Net