Security Advisory

CVE-2026-42603

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-11 16:11:55

Last updated 2026-05-11 17:27:55

Assigner GitHub_M

State PUBLISHED

Description

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_target (privileged trigger) but checks out and executes code directly from the attackers fork, enabling RCE with write permissions. This vulnerability is fixed in 2.1.2.

← Browse all CVEs View on cve.org ↗