Description
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target trigger combined with checkout of untrusted PR code. An attacker can exploit this to steal credentials, post comments, push code, or create releases.
Published: 2026-01-13
Score: 8.9 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The Eigent multi-agent platform contains a flaw in its CI workflow configuration: the workflow triggers on pull_request_target events and checks out code from the pull request. Because pull_request_target runs the workflow in the context of the base repository, with access to its secrets and a write-capable token, attacker-controlled code from the checked-out pull request executes with those permissions, resulting in arbitrary code execution. This CVE is a classic injection issue, categorized as CWE-94 (code injection). An attacker can read secrets, create new releases, push code, and post comments.

Affected Systems

Eigent, the workforce automation tool owned by eigent-ai. The vulnerability exists in any release that contains the unpatched ci.yml workflow file; the specific affected versions are not listed.

Risk and Exploitability

The vulnerability has a CVSS score of 8.9, indicating high severity. The EPSS score is below 1%, suggesting a low probability of exploitation currently, and the issue is not listed in the CISA KEV catalog. Exploitation requires the workflow to run on pull_request_target in a repository that accepts pull requests from forks while granting the workflow write permissions. Once triggered, the attacker can run any code with the workflow's permissions, including accessing secrets and pushing changes.

Generated by OpenCVE AI on April 18, 2026 at 06:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch provided in commit bf02500bbbab0f01cd0ed8e6dc21fe5683d6bfb5 from PR #836/837.
  • Replace or remove the pull_request_target trigger so the workflow does not checkout untrusted pull request code.
  • Restrict forked pull requests to read-only access or enforce a mandatory code review before merging.
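The Impact section and the recommended actions above describe one pattern: a pull_request_target trigger combined with a checkout of the pull request's own code. The following is an added example, not code from the Eigent project or from OpenCVE, showing that pattern as a defender would check for it. It embeds three constructed workflows (a vulnerable pull_request_target-plus-checkout shape, the corrected pull_request form, and a legitimate pull_request_target use that never checks out the PR) and a line-based heuristic scanner that flags only the first. The workflow contents, the step names and the regexes are assumptions made for illustration.

```python
"""Heuristic scanner for the pull_request_target + untrusted-checkout pattern."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample workflows for illustration; none of these is Eigent's
# actual ci.yml. The first mirrors the vulnerable shape the advisory describes:
# base-repository context and write token, yet the PR's own code is run.
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: write
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
"""

# Corrected form: pull_request runs in the fork's context with a read-only
# token and no repository secrets, so executing the PR's code cannot reach them.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

# pull_request_target on its own is legitimate when the job never checks out
# the PR head (constructed labeler-style job; no PR code is executed).
LABELER_WORKFLOW = """\
name: label
on: [pull_request_target]
permissions:
  pull-requests: write
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5
"""

TRIGGER_RE = re.compile(r"\bpull_request_target\b")
# A `ref:` whose value is derived from the incoming pull request.
UNTRUSTED_REF_RE = re.compile(
    r"^\s*ref\s*:\s*.*(github\.event\.pull_request|github\.head_ref|refs/pull/)"
)


@dataclass
class Finding:
    line: int
    message: str


def strip_comment(line: str) -> str:
    """Drop a trailing YAML comment so commented-out lines are not matched."""
    return re.sub(r"(^|\s)#.*$", "", line)


def scan_workflow(text: str) -> list[Finding]:
    """Flag every checkout ref derived from the PR in a pull_request_target workflow.

    Line-based heuristic, not a YAML parser: it would also match the trigger
    name inside a run: script, which is acceptable for a triage check.
    """
    lines = [strip_comment(ln) for ln in text.splitlines()]
    trigger_lines = [n for n, ln in enumerate(lines, 1) if TRIGGER_RE.search(ln)]
    if not trigger_lines:
        return []  # ordinary pull_request workflows are out of scope
    return [
        Finding(n, "checkout of untrusted PR ref under pull_request_target "
                   f"(trigger at line {trigger_lines[0]})")
        for n, ln in enumerate(lines, 1)
        if UNTRUSTED_REF_RE.search(ln)
    ]


def is_vulnerable(text: str) -> bool:
    """True when the trigger and an untrusted checkout ref appear together."""
    return bool(scan_workflow(text))


if __name__ == "__main__":
    for name, wf in [("vulnerable", VULNERABLE_WORKFLOW),
                     ("hardened", HARDENED_WORKFLOW),
                     ("labeler", LABELER_WORKFLOW)]:
        findings = scan_workflow(wf)
        print(f"{name}: {'FLAGGED' if findings else 'ok'}")
        for f in findings:
            print(f"  line {f.line}: {f.message}")
```

The scanner deliberately requires both halves of the pattern: pull_request_target by itself is not the defect, and a checkout of the PR head is harmless under a plain pull_request trigger. Running it over every file in .github/workflows/ gives a quick triage list; a positive hit is then fixed as the recommended actions say, by switching to pull_request or by removing the untrusted checkout.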


Advisories

No advisories yet.

History

Thu, 29 Jan 2026 18:00:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Eigent
                                       Eigent eigent
CPEs                                   cpe:2.3:a:eigent:eigent:*:*:*:*:*:*:*:*
Vendors & Products                     Eigent
                                       Eigent eigent
Metrics                                cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 14 Jan 2026 11:15:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Eigent-ai
                                       Eigent-ai eigent
Vendors & Products                     Eigent-ai
                                       Eigent-ai eigent

Tue, 13 Jan 2026 20:45:00 +0000

Type                  Values Removed   Values Added
Description                            Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target trigger combined with checkout of untrusted PR code. An attacker can exploit this to steal credentials, post comments, push code, or create releases.
Title                                  Eigent Allows Arbitrary Code Execution via pull_request_target CI Workflow
Weaknesses                             CWE-94
References
Metrics                                cvssV4_0 {'score': 8.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-14T23:26:18.334Z

Reserved: 2026-01-12T16:20:16.747Z

Link: CVE-2026-22869

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-01-13T21:15:54.917

Modified: 2026-01-29T17:52:40.400

Link: CVE-2026-22869

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T06:30:25Z

Weaknesses