{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/sherlock-project/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["sherlock-project/sherlock","github.com"],"_cs_severities":["critical"],"_cs_tags":["cve","github_actions","rce","supply_chain"],"_cs_type":"advisory","_cs_vendors":["GitHub","sherlock-project"],"content_html":"\u003cp\u003eCVE-2026-44590 is a critical command injection vulnerability found in the \u003ccode\u003evalidate_modified_targets.yml\u003c/code\u003e GitHub Actions workflow of the sherlock-project/sherlock repository. Discovered and reported by Astaruf, this vulnerability allows any GitHub user to open a pull request that triggers arbitrary command execution within the privileged Continuous Integration (CI) environment. The vulnerability stems from the \u003ccode\u003epull_request_target\u003c/code\u003e event, which, without proper input sanitization, permits the injection of malicious commands into the workflow. This exploit allows attackers to exfiltrate the \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e and automatically approve malicious pull requests, potentially leading to supply chain compromise without any human review. The proof-of-concept (PoC) automates the entire attack chain, highlighting the severity and ease of exploitation of this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker forks the \u003ccode\u003esherlock-project/sherlock\u003c/code\u003e repository.\u003c/li\u003e\n\u003cli\u003eAttacker creates a malicious branch with a crafted payload designed to inject commands into the \u003ccode\u003evalidate_modified_targets.yml\u003c/code\u003e workflow.\u003c/li\u003e\n\u003cli\u003eThe attacker opens a pull request (PR) targeting the \u003ccode\u003emaster\u003c/code\u003e branch of their fork, triggering the \u003ccode\u003epull_request_target\u003c/code\u003e event.\u003c/li\u003e\n\u003cli\u003eThe GitHub Actions workflow executes the injected payload, which can include commands to exfiltrate sensitive information.\u003c/li\u003e\n\u003cli\u003eThe injected payload extracts the \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e from the workflow environment by reading \u003ccode\u003egit config --list\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe stolen \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e is used to authenticate against the GitHub API.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen token to automatically approve the malicious pull request via the GitHub API, specifically the \u003ccode\u003ePOST /repos/{owner}/{repo}/pulls/{pull_number}/reviews\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe malicious PR is merged, resulting in a supply chain compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-44590 can lead to a full supply chain compromise. An attacker could inject malicious code into the \u003ccode\u003esherlock-project/sherlock\u003c/code\u003e repository (or forks thereof), potentially affecting all users of the software. The automated nature of the attack, involving token exfiltration and automatic PR approval, significantly increases the risk, reducing the need for manual interaction.  The impact is substantial as it allows for code injection into the project\u0026rsquo;s codebase, potentially affecting all downstream users and dependencies.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor GitHub Actions workflow execution logs for unusual command invocations, particularly those involving \u003ccode\u003egit config --list\u003c/code\u003e, using a webserver rule on product \u003ccode\u003elinux\u003c/code\u003e that examines HTTP request headers.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization in GitHub Actions workflows, particularly when using the \u003ccode\u003epull_request_target\u003c/code\u003e trigger, to prevent command injection as described in CVE-2026-44590.\u003c/li\u003e\n\u003cli\u003eEnforce strict branch protection rules and require code review by multiple trusted developers before merging any pull requests, even those approved by GitHub Actions.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Sherlock GitHub Actions Workflow Activity\u003c/code\u003e to detect potential exploitation attempts by monitoring process creation events.\u003c/li\u003e\n\u003cli\u003eReview and audit existing GitHub Actions workflows for similar vulnerabilities and apply necessary security patches or mitigations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T17:30:00Z","date_published":"2024-01-03T17:30:00Z","id":"/briefs/2024-01-sherlock-rce/","summary":"A command injection vulnerability, identified as CVE-2026-44590, exists in the `validate_modified_targets.yml` GitHub Actions workflow of sherlock-project/sherlock. A malicious pull request can trigger arbitrary command execution in the privileged CI context, allowing attackers to exfiltrate the GITHUB_TOKEN and auto-approve the malicious PR without human interaction, effectively leading to a supply chain compromise.","title":"sherlock-project/sherlock GitHub Actions RCE via pull_request_target Injection (CVE-2026-44590)","url":"https://feed.craftedsignal.io/briefs/2024-01-sherlock-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Sherlock-Project","version":"https://jsonfeed.org/version/1.1"}