← voltar
CVE-2026-14967

Path traversal in github_workflows allows writing artifacts outside output directory

CVSS 3.1 LOWEPSS 0.2%CWE-22
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 3.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 jul 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
BBOT's `github_workflows` module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve `..`, so a crafted `CODE_REPOSITORY` URL could traverse out of the intended folder. The write is bounded to two directory levels above the output location and its target is determined by the operator's configuration, not the attacker.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N