CVE-2026-45131
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens without requiring maintainer approval. This issue has been patched via commit fcf9302.
Analysis
This vulnerability in the CloudPirates Helm Charts allows an attacker to execute arbitrary code through a malicious pull request in GitHub Actions. The flaw exposes critical repository secrets, such as Docker Hub credentials and access tokens, enabling full compromise of the software supply chain. Updating is essential to protect CI/CD workflows and deployment infrastructure.
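A defender-side check for the pattern described above, as an added example that is not part of the original page or the CloudPirates project: it scans workflow text for a privileged trigger combined with a checkout of the pull request head. The page does not name the trigger used in pull-request.yaml, so the `pull_request_target`/`workflow_run` triggers, both sample workflows and the function name `audit_workflow` are assumptions; the hardened sample shows one common fix, not the content of commit fcf9302.

```python
import re
# Triggers that run with the base repository's secrets even for fork PRs.
PRIVILEGED = re.compile(r"\b(pull_request_target|workflow_run)\b")
# Checkout refs that resolve to code written by the pull request author.
UNTRUSTED_REF = re.compile(
    r"ref:.*(github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref)")
SECRET = re.compile(r"\$\{\{\s*secrets\.(\w+)")

def audit_workflow(text):
    """Line heuristic, not a YAML parser: flags privileged trigger + PR-head checkout."""
    trigger, checkouts, secrets = None, [], set()
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#")[0]  # drop full-line and trailing comments
        m = PRIVILEGED.search(line)
        if m and trigger is None and "${{" not in line:
            trigger = m.group(1)
        if UNTRUSTED_REF.search(line):
            checkouts.append(num)
        secrets.update(SECRET.findall(line))
    return {"trigger": trigger, "untrusted_checkout_lines": checkouts,
            "secrets": sorted(secrets), "vulnerable": bool(trigger and checkouts)}

# Constructed sample of the risky pattern (assumed, not the CloudPirates workflow).
VULNERABLE = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: ./scripts/test.sh
        env:
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
"""
# Constructed sample of one common hardening (assumed, not commit fcf9302).
HARDENED = """\
on:
  pull_request:
permissions: {contents: read}
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/test.sh
"""
```

The `secrets` list in the result shows which credentials a flagged workflow would place within reach of fork code, which is the set to rotate if such a workflow has already run on untrusted pull requests.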
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CWE-94
EPSS
No EPSS score yet (CVE may be too fresh).