{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27941", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-25T03:11:36.689Z", "datePublished": "2026-02-26T01:17:22.532Z", "dateUpdated": "2026-02-26T15:54:11.519Z"}, "containers": {"cna": {"title": "OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows", "problemTypes": [{"descriptions": [{"cweId": "CWE-829", "lang": "en", "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/openlit/openlit/security/advisories/GHSA-9jgv-x8cq-296q", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openlit/openlit/security/advisories/GHSA-9jgv-x8cq-296q"}, {"name": "https://github.com/openlit/openlit/commit/4a62039a1659d6cbb8913172693f587b5fc2546c", "tags": ["x_refsource_MISC"], "url": "https://github.com/openlit/openlit/commit/4a62039a1659d6cbb8913172693f587b5fc2546c"}], "affected": [{"vendor": "openlit", "product": "openlit", "versions": [{"version": "< 1.37.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T01:17:22.532Z"}, "descriptions": [{"lang": "en", "value": "OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context of the base repository, including a write-privileged `GITHUB_TOKEN` and numerous sensitive secrets (API keys, database/vector store tokens, and a Google Cloud service account key). Version 1.37.1 contains a fix."}], "source": {"advisory": "GHSA-9jgv-x8cq-296q", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T15:52:53.788265Z", "id": "CVE-2026-27941", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:54:11.519Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openlit:openlit_software_development_kit:*:*:*:*:*:python:*:*", "matchCriteriaId": "4A765658-CA39-4F2B-94EF-64D0345C0F1F", "versionEndExcluding": "1.37.1", "versionStartIncluding": "1.36.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context of the base repository, including a write-privileged `GITHUB_TOKEN` and numerous sensitive secrets (API keys, database/vector store tokens, and a Google Cloud service account key). Version 1.37.1 contains a fix."}, {"lang": "es", "value": "OpenLIT es una plataforma de c\u00f3digo abierto para ingenier\u00eda de IA. Antes de la versi\u00f3n 1.37.1, varios flujos de trabajo de GitHub Actions en el repositorio de GitHub de OpenLIT utilizan el evento 'pull_request_target' mientras extraen y ejecutan c\u00f3digo no confiable de solicitudes de extracci\u00f3n bifurcadas. Estos flujos de trabajo se ejecutan con el contexto de seguridad del repositorio base, incluyendo un 'GITHUB_TOKEN' con privilegios de escritura y numerosos secretos sensibles (claves de API, tokens de base de datos/almac\u00e9n vectorial y una clave de cuenta de servicio de Google Cloud). La versi\u00f3n 1.37.1 contiene una correcci\u00f3n."}], "id": "CVE-2026-27941", "lastModified": "2026-03-06T20:06:09.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-26T02:16:22.160", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openlit/openlit/commit/4a62039a1659d6cbb8913172693f587b5fc2546c"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/openlit/openlit/security/advisories/GHSA-9jgv-x8cq-296q"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-829"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.37.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "openlit", "vendor": "openlit"}], "analysis": {"en": {"generated_at": "2026-04-17T14:32:36.055189+00:00", "value": {"mitigation_remediation": ["Upgrade to OpenLIT 1.37.1 or later, which removes the use of pull_request_target in the vulnerable workflows.", "If upgrading immediately is not possible, modify the GitHub Actions configuration to replace pull_request_target with pull_request or another event type that does not run with privileged permissions from forked repos.", "Rotate any secrets that may have been exposed by the compromised workflows and review repository access permissions to limit who can create pull requests from forks."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Vendors affected include OpenLIT, specifically the OpenLIT Software Development Kit. All releases prior to version 1.37.1 are vulnerable because their GitHub Actions workflows incorrectly use the pull_request_target event.", "description_and_impact": "The vulnerability is caused by the misuse of the GitHub Actions \"pull_request_target\" event in several workflows prior to version 1.37.1. When a pull request is opened from a forked repository, the workflow runs with the security context of the base repository, which includes a write\u2011privileged GITHUB_TOKEN and access to many sensitive secrets such as API keys, database tokens, and a Google Cloud service account key. The attacker can supply arbitrary code in the forked pull request, causing that code to be executed under the privileged context of the base repository. This results in remote code execution and secret exposure, enabling the attacker to modify repository contents, deploy malicious code, or exfiltrate confidential credentials.", "risk_and_exploitability": "The CVSS score of 10 indicates the highest possible severity, while an EPSS score of less than 1% suggests a very low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, but because the attacker only needs to fork the repository and open a pull request\u2014tasks that require no special credentials\u2014the practical attack vector is wide open to anyone with access to GitHub. Once exploited, an attacker can execute arbitrary code, modify production code, and retrieve all secrets exposed to the workflow. Given the critical impact and the ease of the attack path, it is recommended that affected users apply the vendor fix as soon as possible."}}}}, "created": "2026-02-26T13:10:06.942495+00:00", "updated": "2026-04-17T14:45:21.021754+00:00", "vendors": ["openlit", "openlit$PRODUCT$openlit"]}