{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/pull-request/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["composer/coreshop/core-shop (= 5.0.0)","github.com"],"_cs_severities":["high"],"_cs_tags":["github-actions","rce","pull-request"],"_cs_type":"advisory","_cs_vendors":["Composer"],"content_html":"\u003cp\u003eCoreShop is vulnerable to a remote code execution (RCE) vulnerability (CVE-2026-41249) due to an insecure configuration of the \u003ccode\u003epull_request_target\u003c/code\u003e trigger in its GitHub Actions workflow (\u003ccode\u003e.github/workflows/static.yml\u003c/code\u003e). The workflow dangerously checks out unverified code from the pull request head (\u003ccode\u003eref: ${{ github.event.pull_request.head.ref }}\u003c/code\u003e) and executes a script (\u003ccode\u003ebin/console\u003c/code\u003e) from this untrusted checkout. This allows any external attacker to achieve Remote Code Execution (RCE) on the GitHub Actions runner simply by submitting a malicious Pull Request, also known as a \u0026ldquo;Pwn Request\u0026rdquo; vulnerability. 
The vulnerable version is confirmed to be 5.0.0 of the CoreShop component.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker forks the target CoreShop repository.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies a file within the forked repository that satisfies the \u003ccode\u003epaths\u003c/code\u003e condition defined in the \u003ccode\u003estatic.yml\u003c/code\u003e workflow, such as \u003ccode\u003esrc/dummy.php\u003c/code\u003e or \u003ccode\u003ecomposer.json\u003c/code\u003e, so that the workflow will fire for the pull request.\u003c/li\u003e\n\u003cli\u003eThe attacker replaces the contents of the \u003ccode\u003ebin/console\u003c/code\u003e file in the fork with a payload that executes arbitrary commands on the GitHub Actions runner.\u003c/li\u003e\n\u003cli\u003eThe attacker commits the changes, including the modified \u003ccode\u003ebin/console\u003c/code\u003e file, to the forked repository.\u003c/li\u003e\n\u003cli\u003eThe attacker opens a pull request (PR) targeting the \u003ccode\u003e5.0\u003c/code\u003e or \u003ccode\u003enext\u003c/code\u003e branch of the original CoreShop repository.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eStatic Tests\u003c/code\u003e workflow is triggered automatically as soon as the pull request is opened. Because the trigger is \u003ccode\u003epull_request_target\u003c/code\u003e, the run needs no maintainer approval, even for a first-time contributor: the approval gate for outside collaborators applies to fork-triggered \u003ccode\u003epull_request\u003c/code\u003e workflows, not to \u003ccode\u003epull_request_target\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe workflow checks out the attacker\u0026rsquo;s branch and executes its \u003ccode\u003ebin/console\u003c/code\u003e, running the malicious payload within the GitHub Actions runner environment.\u003c/li\u003e\n\u003cli\u003eThe attacker obtains RCE within the runner\u0026rsquo;s context, gaining access to the secrets and token available to the job and potentially modifying repository contents.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to execute arbitrary code within the GitHub Actions runner environment. 
Because \u003ccode\u003epull_request_target\u003c/code\u003e runs in the context of the base repository, the job receives the base repository\u0026rsquo;s secrets (e.g., \u003ccode\u003ePIMCORE_SECRET\u003c/code\u003e, \u003ccode\u003ePIMCORE_PRODUCT_KEY\u003c/code\u003e) in its environment, together with a \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e that is write-capable unless the repository or workflow restricts its permissions. An attacker can exfiltrate these secrets, modify repository contents (if the token has write permissions), or abuse the runner\u0026rsquo;s computing resources. This can lead to sensitive data exposure, code tampering, and resource hijacking.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eModify the GitHub Actions workflow (\u003ccode\u003e.github/workflows/static.yml\u003c/code\u003e) so that a \u003ccode\u003epull_request_target\u003c/code\u003e job never checks out and executes untrusted PR code (\u003ccode\u003ehead.ref\u003c/code\u003e or \u003ccode\u003ehead.sha\u003c/code\u003e); check out only the base branch, or switch the job to the \u003ccode\u003epull_request\u003c/code\u003e event if it does not need secrets at all.\u003c/li\u003e\n\u003cli\u003eWhere privileged steps are genuinely required, split the work: run the untrusted build under \u003ccode\u003epull_request\u003c/code\u003e without secrets, then handle the privileged steps in a separate \u003ccode\u003eworkflow_run\u003c/code\u003e workflow that executes only trusted code from the base repository and treats the first job\u0026rsquo;s output as data.\u003c/li\u003e\n\u003cli\u003eReview GitHub Actions run logs for \u003ccode\u003epull_request_target\u003c/code\u003e-triggered runs in which \u003ccode\u003ebin/console\u003c/code\u003e executed unexpected commands, and rotate any secrets that were available to such runs.\u003c/li\u003e\n\u003cli\u003eApply the recommended mitigation from the advisory (\u003ca href=\"https://github.com/advisories/GHSA-q58j-g3f4-h26h\"\u003ehttps://github.com/advisories/GHSA-q58j-g3f4-h26h\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T13:22:02Z","date_published":"2026-05-14T13:22:02Z","id":"https://feed.craftedsignal.io/briefs/2026-05-coreshop-rce/","summary":"CoreShop is vulnerable to remote code execution (RCE) via insecure `pull_request_target` configuration, allowing attackers to execute arbitrary code on the GitHub Actions runner by submitting a malicious pull request and potentially exfiltrate secrets or modify repository contents; tracked as CVE-2026-41249.","title":"CoreShop Remote Code Execution via Malicious Pull Request","url":"https://feed.craftedsignal.io/briefs/2026-05-coreshop-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Pull-Request","version":"https://jsonfeed.org/version/1.1"}
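An added illustration of the misconfiguration and the recommended split design; this is not code from CoreShop, the advisory, or the feed. The first document is a reconstruction of the vulnerable shape the brief describes (pull_request_target plus checkout of the PR head plus execution of a script from that checkout); the second and third are the pull_request / workflow_run split the recommendations call for, shown as two separate workflow files in one fence separated by `---`. The `repository:` line in the vulnerable shape, the `lint:container` command, the artifact names and `scripts/post-report.sh` are assumptions for illustration only.

```yaml
# ILLUSTRATIVE RECONSTRUCTION of the vulnerable shape (not CoreShop's real static.yml).
# pull_request_target runs in the BASE repository: secrets and a write-capable
# GITHUB_TOKEN are present, yet the job checks out and executes the fork's code.
name: Static Tests
on:
  pull_request_target:
    paths: ['src/**', 'composer.json']     # any matching change in the PR fires the run
jobs:
  static:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}  # assumed: reaches the fork
          ref: ${{ github.event.pull_request.head.ref }}                    # attacker-controlled branch
      - run: composer install --no-interaction
      - run: bin/console lint:container    # command assumed; bin/console itself is now the fork's file
        env:
          PIMCORE_SECRET: ${{ secrets.PIMCORE_SECRET }}   # handed to whatever bin/console became
---
# HARDENED, file 1 (.github/workflows/static.yml): untrusted code runs under `pull_request`.
# For fork PRs this event receives a read-only GITHUB_TOKEN and no repository secrets,
# so a tampered bin/console can still run but has nothing to steal or write.
name: Static Tests
on:
  pull_request:
    paths: ['src/**', 'composer.json']
permissions:
  contents: read
jobs:
  static:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4          # default ref is the PR merge commit; fine with no secrets present
      - run: composer install --no-interaction
      - run: mkdir -p var && bin/console lint:container | tee var/report.txt
      - uses: actions/upload-artifact@v4
        with:
          name: static-report
          path: var/report.txt
---
# HARDENED, file 2 (.github/workflows/static-report.yml): the privileged half on `workflow_run`.
# workflow_run executes the workflow definition from the default branch, and this job checks
# out only trusted base code; the PR's result arrives as an artifact and is treated as data.
name: Static Tests (privileged)
on:
  workflow_run:
    workflows: ["Static Tests"]
    types: [completed]
permissions:
  contents: read
  pull-requests: write                     # e.g. to post the report as a PR comment
jobs:
  publish:
    if: github.event.workflow_run.event == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.repository.default_branch }}   # trusted base code only, never head.ref
      - uses: actions/download-artifact@v4
        with:
          name: static-report
          path: pr-report
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - run: ./scripts/post-report.sh pr-report/report.txt   # hypothetical trusted script from the base checkout
        env:
          PIMCORE_SECRET: ${{ secrets.PIMCORE_SECRET }}      # secrets exist only on this side
```

If the static tests need no secrets, file 1 alone is the fix: switching the trigger from `pull_request_target` to `pull_request` removes the exposure without any second workflow. The `workflow_run` half is only needed for steps that genuinely require secrets or write access, and it is safe only as long as it never checks out or executes anything from the PR head; downloading an artifact and parsing it as data is fine, running a script from that artifact would reintroduce the same vulnerability.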