CVE Reports

Posted on • Originally published at cvereports.com

GHSA-f67f-hcr6-94mf: OS Command Injection in Zen-Ai-Pentest GitHub Actions Workflows

Vulnerability ID: GHSA-F67F-HCR6-94MF
CVSS Score: 9.3
Published: 2026-03-20

A critical OS command injection vulnerability exists in multiple GitHub Actions workflows within the SHAdd0WTAka/Zen-Ai-Pentest repository. The vulnerability allows unauthenticated attackers (anyone who can open an issue) to execute arbitrary shell commands on the GitHub Actions runner by submitting a specially crafted issue title, leading to the exfiltration of repository secrets.

TL;DR

Unauthenticated OS command injection in Zen-Ai-Pentest GitHub Actions workflows allows attackers to steal repository secrets by opening malicious issues.

⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-78
  • Attack Vector: Network
  • CVSS v3.1 Score: 9.3
  • Impact: High Confidentiality, High Integrity
  • Exploit Status: Proof of Concept Available

Affected Systems

  • GitHub Actions
  • SHAdd0WTAka/Zen-Ai-Pentest
  • SHAdd0WTAka/Zen-Ai-Pentest: <= 07e65c72656a8213fc9ece2b3f4fc719032cfc5d (Fixed in: 26c4e07df780f11b7e901ad2d88b3dc5ce8a1aca)

Code Analysis

Commit: 26c4e07

Fix script injection vulnerability by using intermediate environment variables

Migrated ${{ github.event.issue.title }} from run block direct interpolation to env block assignment.

Exploit Details

  • PoC: Issue title subshell injection payload for exfiltrating workflow secrets

Mitigation Strategies

  • Map untrusted GitHub context variables to intermediate environment variables
  • Audit workflows for direct interpolation of ${{ }} expressions in run blocks
  • Rotate all potentially exposed repository secrets (Discord/Telegram webhooks)

Remediation Steps:

  1. Update repository to commit 26c4e07df780f11b7e901ad2d88b3dc5ce8a1aca or later
  2. Identify and revoke all Discord webhooks and Telegram bot tokens previously configured in the repository
  3. Generate new secrets and update the repository configuration
  4. Review all other workflows for similar script injection vulnerabilities
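The pattern the fix commit describes (moving the issue title out of the run block and into an env assignment) and the audit recommended in the mitigation and remediation steps, as an added Python example; this is not code from the report or from the Zen-Ai-Pentest repository. The two workflow snippets, their step names and the list of untrusted context prefixes are constructed assumptions: the first interpolates ${{ github.event.issue.title }} directly into a run block, the second passes it through an intermediate environment variable, and the scanner flags direct interpolation of attacker-controllable context inside run steps while leaving env blocks and benign contexts such as github.run_id alone. The untrusted-context list is an illustrative subset; GitHub's security hardening documentation carries the complete list.

```python
import re
from typing import List, Tuple

# Constructed sample: the runner expands the ${{ }} expression into the script
# text before bash starts, so whatever is in the title becomes code, not data.
VULNERABLE_WORKFLOW = """\
name: issue-triage
on:
  issues:
    types: [opened]
jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      - name: Announce new issue
        run: |
          echo "New issue: ${{ github.event.issue.title }}"
      - name: Log run id
        run: echo "Run ${{ github.run_id }}"
"""

# Constructed sample: same workflow after the fix the commit describes. The
# title reaches the shell via the environment; quoted "$ISSUE_TITLE" is a string.
FIXED_WORKFLOW = """\
name: issue-triage
on:
  issues:
    types: [opened]
jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      - name: Announce new issue
        env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
        run: |
          echo "New issue: $ISSUE_TITLE"
      - name: Log run id
        run: echo "Run ${{ github.run_id }}"
"""

# Context paths whose values an outsider can choose (illustrative subset; see
# GitHub's security hardening docs for the full list).
UNTRUSTED_PREFIXES = (
    "github.event.issue.",
    "github.event.pull_request.",
    "github.event.comment.",
    "github.event.review.",
    "github.event.head_commit.",
    "github.head_ref",
)

RUN_KEY_RE = re.compile(r"^(?P<indent>\s*)(?:-\s+)?run:\s*(?P<value>.*)$")
EXPR_RE = re.compile(r"\$\{\{\s*(?P<expr>[^}]+?)\s*\}\}")


def extract_run_scripts(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (1-based line number, script) for every run: step.

    Inline values and | / > block scalars are handled by indentation, which
    covers the usual workflow layouts without needing a YAML library.
    """
    lines = workflow_text.splitlines()
    scripts: List[Tuple[int, str]] = []
    i = 0
    while i < len(lines):
        match = RUN_KEY_RE.match(lines[i])
        if not match:
            i += 1
            continue
        line_no = i + 1
        key_col = lines[i].index("run:")  # block body must sit right of this column
        value = match.group("value").strip()
        if value.startswith(("|", ">")):
            body = []
            j = i + 1
            while j < len(lines):
                line = lines[j]
                indent = len(line) - len(line.lstrip())
                if line.strip() and indent <= key_col:
                    break  # dedented: the block scalar has ended
                body.append(line.strip())
                j += 1
            scripts.append((line_no, "\n".join(body)))
            i = j
        else:
            scripts.append((line_no, value))
            i += 1
    return scripts


def find_unsafe_interpolations(workflow_text: str) -> List[Tuple[int, str]]:
    """Flag ${{ ... }} expressions inside run scripts that read untrusted context.
    Expressions in env: blocks are not flagged; that indirection is the fix."""
    findings: List[Tuple[int, str]] = []
    for line_no, script in extract_run_scripts(workflow_text):
        for match in EXPR_RE.finditer(script):
            expr = match.group("expr")
            if expr.startswith(UNTRUSTED_PREFIXES):
                findings.append((line_no, expr))
    return findings


if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_WORKFLOW), ("fixed", FIXED_WORKFLOW)):
        for line_no, expr in find_unsafe_interpolations(text):
            print(f"{label}: run step at line {line_no} interpolates ${{{{ {expr} }}}} directly")
```

Running the block reports one finding for the vulnerable snippet (the run step at line 10) and none for the fixed one. The env-variable indirection only holds if the variable is then quoted in the script ("$ISSUE_TITLE"); an unquoted expansion is still subject to word splitting and globbing, although no longer to command substitution. Pointing `find_unsafe_interpolations` at the text of each file under `.github/workflows/` is one way to carry out the audit in remediation step 4.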

Read the full report for GHSA-F67F-HCR6-94MF on our website for more details including interactive diagrams and full exploit analysis.
