CVE-2026-45132

Published: Giu 01, 2026 Last Modified: Giu 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 10,0

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials (Personal Access Token and SSH signing key) to fork-controlled code due to unsafe checkout and credential handling practices. This issue has been patched via commit fcf9302.

Improper Control of Generation of Code ('Code Injection')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Integrity Confidentiality Availability Non-Repudiation

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Hide Activities

Applicable Platforms

Languages: Interpreted

Technologies: AI/ML

Likelihood of Exploit: Medium

View CWE Details

https://github.com/CloudPirates-io/helm-charts/commit/fcf93…

https://github.com/CloudPirates-io/helm-charts/commit/fcf930211604652aec1508589…

https://github.com/CloudPirates-io/helm-charts/security/adv…

https://github.com/CloudPirates-io/helm-charts/security/advisories/GHSA-r874-j8…

CVE-2026-45132

Description

Improper Control of Generation of Code ('Code Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter