CVE-2026-58370 | Severity: CRITICAL | CNA: VulnCheck

CVE-2026-58370: Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name (commit.author.name) carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A user who can open a merge request from a fork can set the commit author name to match an entry in ApprovalAllowedUsers, causing needsApproval to return false so the pipeline runs without the required approval. This defeats the fork-approval security boundary and allows execution of attacker-controlled pipeline steps on a Woodpecker agent and exfiltration of CI secrets exposed to the run. Other built-in forge drivers (Gitea, Forgejo, GitHub, Bitbucket) derive pipeline.Author from the forge-validated sender/actor identity and are not affected.
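The following is an added example, not Woodpecker's own code: a simplified Go model of the approval gate described above, with hypothetical struct and function names. It shows why the gate opens when pipeline.Author is filled from the commit author name and stays closed when it is filled from the forge-validated sender identity, which is how the other forge drivers behave.

```go
package main

import "fmt"

// Added example modelling the defect in CVE-2026-58370; not Woodpecker's own code.
// Struct and function names are hypothetical simplifications of the real driver.
// WebhookPayload holds the two identity fields a GitLab merge-request webhook carries.
type WebhookPayload struct {
	CommitAuthorName string // commit.author.name: free text set by the committer, not verified by GitLab
	SenderUsername   string // the GitLab account that opened the merge request, authenticated by GitLab
	FromFork         bool
}

// Pipeline is the object the approval gate inspects; what Author holds is the whole bug.
type Pipeline struct {
	Author   string
	FromFork bool
}

// PipelineFromGitLabVulnerable models the pre-3.15.0 GitLab driver: Author is the commit author name.
func PipelineFromGitLabVulnerable(w WebhookPayload) Pipeline {
	return Pipeline{Author: w.CommitAuthorName, FromFork: w.FromFork}
}

// PipelineFromGitLabFixed models the fixed driver (and the other forges): Author is the
// forge-validated sender identity, so a spoofed commit author name is ignored.
func PipelineFromGitLabFixed(w WebhookPayload) Pipeline {
	return Pipeline{Author: w.SenderUsername, FromFork: w.FromFork}
}

// NeedsApproval is the approval gate: fork pipelines need approval unless
// Author is in ApprovalAllowedUsers. The comparison is correct; its input is not.
func NeedsApproval(p Pipeline, approvalAllowedUsers []string) bool {
	if !p.FromFork {
		return false
	}
	for _, u := range approvalAllowedUsers {
		if u == p.Author {
			return false
		}
	}
	return true
}

func main() {
	allowed := []string{"maintainer"}
	// Constructed fork MR: the commit author name impersonates a maintainer, the real sender does not.
	w := WebhookPayload{CommitAuthorName: "maintainer", SenderUsername: "outside-contributor", FromFork: true}
	fmt.Println("pre-3.15.0 needsApproval:", NeedsApproval(PipelineFromGitLabVulnerable(w), allowed)) // false: gate bypassed
	fmt.Println("fixed needsApproval:     ", NeedsApproval(PipelineFromGitLabFixed(w), allowed))      // true: approval required
}
```

The defensive lesson is the one the advisory states: an allow-list is only as strong as the identity it is compared against, so the comparison must use a field the forge itself authenticated.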

Metrics

CVSS v4.0: 9.2
Severity: CRITICAL
Fixed in: 3.15.0
Affected Products: 1


HarborGuard Analysis

Synopsis

This is an authentication bypass vulnerability in Woodpecker CI's GitLab forge driver affecting versions before 3.15.0. It is reachable over the network without any credentials, because the bypass exploits attacker-controlled data in a GitLab webhook payload rather than requiring a valid account on the Woodpecker instance itself. Successful exploitation lets an attacker run arbitrary pipeline steps on a Woodpecker agent and exfiltrate any CI secrets exposed to that pipeline run. A patched-image rebuild at version 3.15.0 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-58370 is available across every HarborGuard environment. The CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI pipelines, including custom-built Woodpecker images.

Triage (Available)

Triage is available with a CVSS v4.0 score of 9.2 (CRITICAL), weighted against each customer organization's compliance policy to prioritize routing. Findings are surfaced to the appropriate team inbox within each customer environment based on configured ownership rules.

Patch (Available)

A patched-image rebuild at Woodpecker 3.15.0 becomes available on HarborGuard for any environment where an affected image is detected. For customers with auto-remediation enabled, HarborGuard can trigger a rebuild, run regression tests, and open a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker reaches the Woodpecker instance indirectly over the network: submitting a merge request from a fork causes GitLab to send Woodpecker a webhook carrying the crafted payload.

  • Authentication: Not required

    No Woodpecker account or privileged access is needed; the attacker only needs the ability to open a merge request on the target GitLab repository, which is typically available to any authenticated GitLab user on public or open projects.

  • Victim interaction: Not required

    No victim action is required; the pipeline trigger fires automatically when the merge request webhook is received by Woodpecker.

  • Attack complexity: High

    Attack complexity is rated High because exploitation depends on a prerequisite condition: the attacker must know or guess a username that appears in the ApprovalAllowedUsers list in order to craft the matching commit author name.

Blast Radius

  • Reads all CI secrets and environment variables exposed to the pipeline run, including registry credentials, API tokens, and signing keys.
  • Executes arbitrary commands on the Woodpecker agent host within the pipeline execution context.
  • Modifies build artifacts or injects malicious code into the build output before it is published or deployed.
  • Causes denial of service for legitimate pipeline runs by exhausting agent capacity or corrupting shared state.

How HarborGuard Handles This

Available on HarborGuard: images containing Woodpecker versions below 3.15.0 are flagged automatically within minutes of CVE ingestion, across both registry-stored and pipeline-built images. Given the CRITICAL severity (CVSS 9.2), this CVE is prioritized at the top of the triage queue and routed to the team inbox configured for infrastructure or CI/CD ownership in each customer environment. For customers with auto-remediation enabled, HarborGuard can trigger a rebuild pinned to Woodpecker 3.15.0, execute the configured regression test suite against the new image, and open a pull request against affected workload manifests; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled. Where compliance policy requires manual approval before remediation, the finding is surfaced with full remediation context so the responsible team can act immediately.

As an interim compensating control while the upgrade is pending, customers can apply network policy to restrict which external users can submit merge requests to affected repositories, and can audit the ApprovalAllowedUsers list to reduce the set of names an attacker could target.


Fix available: 3.15.0
Patch commits
Affected packages
  • woodpecker-ci / woodpecker: < 3.15.0 (from 0)
CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N