CVE-2026-48547: KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml
KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes fields of patchNotesData.json, which are interpolated unsanitized into a child_process.execSync() call in the release.yml workflow. Once a malicious pull request is merged, the workflow runs on a GitHub Actions runner with contents write permissions and access to GITHUB_TOKEN, so the injected commands execute with that token's privileges.
Metrics
- CVSS v4.0: 8.5
- Severity: HIGH
- Fixed in: 0.1.18
- Affected Products: 1
HarborGuard Analysis
Synopsis
A command injection vulnerability in KanaDojo (versions before 0.1.18) allows an attacker with pull request access to execute arbitrary shell commands on the GitHub Actions runner. By placing shell metacharacters in the version or changes fields of patchNotesData.json, an attacker's input is passed unsanitized to a child_process.execSync() call inside the release.yml workflow. Successful exploitation gives the attacker code execution in the CI environment with contents write permissions and access to GITHUB_TOKEN. A patched-image rebuild at version 0.1.18 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle KanaDojo or its workflow artifacts. Any image or pipeline artifact pinned to a version below 0.1.18 will surface as affected.
HarborGuard scores this finding at CVSS 8.5 (HIGH) and weights it further according to each environment's compliance policy, for example elevating priority where CI/CD supply-chain controls are enforced. Findings are routed to the appropriate team inbox inside each customer organization based on configured ownership rules.
A patched-image rebuild at KanaDojo 0.1.18 becomes available on HarborGuard for any environment where an affected version is detected. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs regression tests, and opens a PR against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker must reach the repository over the network to submit or influence a pull request that triggers the vulnerable workflow.
- Authentication: Required
The attacker must hold at least a low-privilege account with pull request access to the repository; no admin rights are needed.
- Victim interaction: Required
A maintainer or automated process must merge the malicious pull request, so victim action is a prerequisite for exploitation.
- Attack complexity: Low
Once the malicious version or changes field is present in patchNotesData.json, the injection fires deterministically on the next run of the release workflow; no race condition or special environmental state is required.
Blast Radius
- Executes arbitrary shell commands on the GitHub Actions runner with contents write permissions, enabling the attacker to push commits, tags, or releases to the repository.
- Exfiltrates the GITHUB_TOKEN secret from the runner environment, which can be used to authenticate against the GitHub API and perform further repository or organization-level actions.
- Modifies or deletes repository content, CI artifacts, or release assets by abusing the write-level token obtained during exploitation.
How HarborGuard Handles This
Available on HarborGuard: the platform ingests this CVE and immediately matches it against all customer images and pipeline artifacts running KanaDojo below 0.1.18. Where compliance policy permits, a patched rebuild at version 0.1.18 is queued automatically; for customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression suite, and opens a PR against affected workloads. Median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Customers who have not yet enabled auto-remediation will see the finding flagged in their HarborGuard dashboard with remediation guidance pointing to the 0.1.18 release. As interim compensating controls until the patched version is deployed: restrict which contributors can modify patchNotesData.json via branch protection rules or CODEOWNERS; replace the execSync call with execFileSync (or spawnSync) so that the version and changes fields are passed as separate argument-array elements rather than interpolated into a shell string; validate the version field against a strict semver pattern before it reaches any command; and scope the workflow's permissions block to the minimum the release step needs, so that a compromised run cannot use GITHUB_TOKEN beyond its intended purpose.
Fix available
- lingdojo / kana-dojo: < 0.1.18 (from 0)
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N