CRITICAL | CVE-2026-44590 | CNA: GitHub_M

CVE-2026-44590: Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml

Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pull_request_target trigger. Any GitHub user can execute arbitrary commands on the CI runner and exfiltrate the GITHUB_TOKEN by opening a pull request. No approval, review, or merge is required. This vulnerability is fixed in 0.16.1.

HarborGuard Analysis

Synopsis

Command injection in the Sherlock open-source tool (sherlock-project/sherlock) lets any GitHub user run arbitrary commands on the project's CI runner by opening a pull request against the repository. The flaw lives in the validate_modified_targets.yml GitHub Actions workflow, which uses the pull_request_target trigger without treating the pull request's contents as untrusted input. Because pull_request_target runs in the context of the base repository, the workflow executes with the base repository's GITHUB_TOKEN and secrets even for a pull request from a fork, and no maintainer approval, review, or merge is required before the injected commands run. Successful exploitation lets an attacker exfiltrate the GITHUB_TOKEN and use it, within the permissions granted to that token, to modify the repository or its CI environment; the CVSS vector rates integrity impact High and confidentiality impact Low. Upstream fixed the workflow in Sherlock 0.16.1; HarborGuard tracks the advisory and rebuilds affected images against the fixed release.

HarborGuard Coverage

Detection

Detection for CVE-2026-44590 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle Sherlock or embed its workflow files. No manual feed configuration is required for coverage to apply.

Available
Triage

HarborGuard scores this finding at CVSS 9.3 Critical (v3.1) and weights it against each environment's compliance policy to determine escalation priority. Triage routing is available to deliver the finding to the appropriate team inbox within each customer organization based on configured ownership rules.

Available
Patch

Upstream fixed this in Sherlock 0.16.1 (affected versions: < 0.16.1). HarborGuard re-checks the advisory on every ingest cycle and makes a patched-image rebuild against the fixed release available. For customers who opt into auto-remediation, the rebuild, regression test run, and PR against affected workloads are triggered without manual intervention.

Available (upstream fix: 0.16.1)

Exploit Conditions

  • Network reachability: Required

    The attacker reaches the target over the network by opening a GitHub pull request against the affected repository; no special network position is needed beyond standard internet access.

  • Authentication: Not required

    Any GitHub user can open a pull request without holding any privileged account or repository role; no credentials beyond a free GitHub account are required.

  • Victim interaction: Not required

    The pull_request_target workflow trigger fires automatically on pull request creation; no maintainer review, approval, or merge action is needed for the injected commands to execute.

  • Attack complexity: Low

    Exploitation is reliable and condition-free; no race condition, memory layout dependency, or environmental prerequisite stands between the attacker and code execution on the CI runner.

Blast Radius

  • The attacker executes arbitrary shell commands on the CI runner and can exfiltrate the GITHUB_TOKEN from the workflow environment. The token is valid only until the job finishes, so exfiltration and use of it happen while the workflow is still running.
  • With the GITHUB_TOKEN in hand, and within whatever permissions the workflow's permissions block (or the repository's default token setting) grants it, the attacker can push commits, modify branches, or alter release artifacts. GITHUB_TOKEN cannot push changes to files under .github/workflows, so tampering with other workflow files would need a different credential.
  • Read access to the runner environment exposes environment variables, any secrets the workflow references, and any credentials handed to the job by other jobs or callers; the CVSS vector rates confidentiality impact Low because only what the workflow itself had access to is exposed.

How HarborGuard Handles This

Available on HarborGuard: upstream fixed the workflow in Sherlock 0.16.1, so the durable remediation is to move to that release. HarborGuard re-checks the advisory on every ingest cycle and rebuilds affected images against the fixed release; for customers who opt into auto-remediation, that rebuild triggers alongside a regression test run and a PR opened against affected workloads. For forks or internal copies of the workflow that cannot update immediately, compensating controls worth applying include: switching the trigger to pull_request, which runs pull requests from forks with a read-only token and no secrets; if pull_request_target must stay, never interpolating pull-request-controlled values (github.event.pull_request.title, body, head.ref and similar, or github.head_ref) directly into run: steps, and instead passing them through env: so the shell only sees a quoted variable; never checking out or executing the pull request head under pull_request_target; setting an explicit permissions: block on the job with contents: read; gating the job behind a protected environment with required reviewers; and restricting outbound egress from CI runners to limit exfiltration. Where compliance policy permits, HarborGuard can flag any image or pipeline artifact containing the affected workflow file for manual review until it has been updated.

Metrics

CVSS v3.1: 9.3
Severity: CRITICAL
Fixed in: 0.16.1
Affected products: 1
Affected packages:
  • sherlock-project / sherlock
    < 0.16.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N