How is CVE-2026-45131 exploited?

Network reachability (required): The attacker reaches the target over the network by submitting a fork pull request to the public GitHub repository, with no need for local or physical access. Authentication (not-required): No GitHub account privileges are required beyond the ability to open a pull request, which is available to any unauthenticated or anonymous-registered user. Victim interaction (not-required): The vulnerable workflow triggers automatically on pull_request_target events without any maintainer review or approval action. Attack complexity (info): Exploitation is reliable and condition-free; the attacker simply submits a fork PR and the privileged workflow executes their code unconditionally.

What is the impact of CVE-2026-45131?

Reads repository secrets in their entirety, including Docker Hub credentials and access tokens scoped to the repository. Uses exfiltrated Docker Hub credentials to push malicious or backdoored images to the project's container registries. Modifies repository contents or published Helm chart artifacts by leveraging the token permissions granted to the workflow context.

Back to search

CRITICALCVE-2026-45131Published 2026-06-01Modified 2026-06-01CNA GitHub_M

CVE-2026-45131: CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens without requiring maintainer approval. This issue has been patched via commit fcf9302.

CVSS v3.1: 10.0
Severity: CRITICAL
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

This is a CI/CD privilege-escalation vulnerability in the CloudPirates Open Source Helm Charts GitHub Actions workflow. An unauthenticated external attacker can open a fork pull request that triggers the pull-request.yaml workflow in a privileged context, where it runs attacker-controlled code with access to repository secrets. Successful exploitation gives the attacker full read access to secrets such as Docker Hub credentials and tokens, and the ability to tamper with any resource those credentials can reach. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix version is published to a package registry.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images and pipeline configurations, including custom-built images that bundle or depend on the affected Helm chart sources.

Available

Triage

HarborGuard scores this finding at CVSS 10.0 (Critical) and weights it against each environment's compliance policy to determine priority and routing, surfacing it to the appropriate team inbox within each customer organization.

Available

Patch

Because no fixed release version has been published to a package registry yet, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment the upstream project publishes a fix version. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered without manual intervention as soon as that upstream fix is available.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The attacker reaches the target over the network by submitting a fork pull request to the public GitHub repository, with no need for local or physical access.
AuthenticationNot required
No GitHub account privileges are required beyond the ability to open a pull request, which is available to any unauthenticated or anonymous-registered user.
Victim interactionNot required
The vulnerable workflow triggers automatically on pull_request_target events without any maintainer review or approval action.
Attack complexityDetail
Exploitation is reliable and condition-free; the attacker simply submits a fork PR and the privileged workflow executes their code unconditionally.

Blast Radius

Reads repository secrets in their entirety, including Docker Hub credentials and access tokens scoped to the repository.
Uses exfiltrated Docker Hub credentials to push malicious or backdoored images to the project's container registries.
Modifies repository contents or published Helm chart artifacts by leveraging the token permissions granted to the workflow context.

How HarborGuard Handles This

Available on HarborGuard: because no fixed release version exists yet, the platform monitors this advisory on every ingest cycle and will trigger a patched-image rebuild and, for customers with auto-remediation enabled, a regression run plus PR against affected workloads the moment the CloudPirates project publishes a fix. In the interim, compensating controls available through HarborGuard policy include flagging any image or pipeline artifact that references the affected helm-charts repository at a commit older than fcf9302, isolating those workloads via network policy, and gating deployments behind a manual approval step until the upstream fix lands. Customers who want to act immediately can pin their Helm chart source to commit fcf930211604652aec15085895b6457bc8b73b54 directly; HarborGuard will recognize that pinned commit as the patched state once the advisory is updated to reflect it.

See how HarborGuard automates this

Affected packages

CloudPirates-io / helm-charts
< fcf930211604652aec15085895b6457bc8b73b54

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

References

Metrics

Get notified