PT-2026-45467 · Cloudpirates Io · Cloudpirates Open Source Helm Charts

Avivdon

Published

2026-06-01

Updated

2026-06-12

CVE-2026-45131

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions CloudPirates Open Source Helm Charts versions prior to commit fcf9302

Description A GitHub Actions workflow in the pull-request.yaml file executes attacker-controlled code from fork pull requests within a privileged context. This allows for the exfiltration of repository secrets, such as Docker Hub credentials and tokens, without requiring approval from a maintainer.

Recommendations Update to the version containing commit fcf9302.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2026-45131

Affected Products

Cloudpirates Open Source Helm Charts

PT-2026-45467 · Cloudpirates Io · Cloudpirates Open Source Helm Charts

CVE-2026-45131

Weakness Enumeration

Related Identifiers

Affected Products

References · 6