CVE-2026-45131

10.0 CRITICAL

CloudPirates Open Source Helm Charts is a collection of Helm charts

Published: 2026-06-01 · Last updated: 2026-06-01

Severity and scoring

CVSS: 10.0 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CWE: CWE-94

Description

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens without requiring maintainer approval. This issue has been patched via commit fcf9302.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-50223 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with C...
CVE-2026-45558 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (9.9 CRITICAL)
CVE-2026-46517 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
CVE-2026-46432 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
CVE-2026-47292 — Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally (7.8 HIGH)