{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27941", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-25T03:11:36.689Z", "datePublished": "2026-02-26T01:17:22.532Z", "dateUpdated": "2026-02-26T15:54:11.519Z"}, "containers": {"cna": {"title": "OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows", "problemTypes": [{"descriptions": [{"cweId": "CWE-829", "lang": "en", "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/openlit/openlit/security/advisories/GHSA-9jgv-x8cq-296q", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openlit/openlit/security/advisories/GHSA-9jgv-x8cq-296q"}, {"name": "https://github.com/openlit/openlit/commit/4a62039a1659d6cbb8913172693f587b5fc2546c", "tags": ["x_refsource_MISC"], "url": "https://github.com/openlit/openlit/commit/4a62039a1659d6cbb8913172693f587b5fc2546c"}], "affected": [{"vendor": "openlit", "product": "openlit", "versions": [{"version": "< 1.37.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T01:17:22.532Z"}, "descriptions": [{"lang": "en", "value": "OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context of the base repository, including a write-privileged `GITHUB_TOKEN` and numerous sensitive secrets (API keys, database/vector store tokens, and a Google Cloud service account key). Version 1.37.1 contains a fix."}], "source": {"advisory": "GHSA-9jgv-x8cq-296q", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T15:52:53.788265Z", "id": "CVE-2026-27941", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:54:11.519Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openlit:openlit_software_development_kit:*:*:*:*:*:python:*:*", "matchCriteriaId": "4A765658-CA39-4F2B-94EF-64D0345C0F1F", "versionEndExcluding": "1.37.1", "versionStartIncluding": "1.36.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context of the base repository, including a write-privileged `GITHUB_TOKEN` and numerous sensitive secrets (API keys, database/vector store tokens, and a Google Cloud service account key). Version 1.37.1 contains a fix."}, {"lang": "es", "value": "OpenLIT es una plataforma de c\u00f3digo abierto para ingenier\u00eda de IA. Antes de la versi\u00f3n 1.37.1, varios flujos de trabajo de GitHub Actions en el repositorio de GitHub de OpenLIT utilizan el evento 'pull_request_target' mientras extraen y ejecutan c\u00f3digo no confiable de solicitudes de extracci\u00f3n bifurcadas. Estos flujos de trabajo se ejecutan con el contexto de seguridad del repositorio base, incluyendo un 'GITHUB_TOKEN' con privilegios de escritura y numerosos secretos sensibles (claves de API, tokens de base de datos/almac\u00e9n vectorial y una clave de cuenta de servicio de Google Cloud). La versi\u00f3n 1.37.1 contiene una correcci\u00f3n."}], "id": "CVE-2026-27941", "lastModified": "2026-03-06T20:06:09.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-26T02:16:22.160", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openlit/openlit/commit/4a62039a1659d6cbb8913172693f587b5fc2546c"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/openlit/openlit/security/advisories/GHSA-9jgv-x8cq-296q"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-829"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.37.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "openlit", "vendor": "openlit"}], "created": "2026-02-26T13:10:06.942495+00:00", "updated": "2026-02-26T13:10:06.942603+00:00", "vendors": ["openlit", "openlit$PRODUCT$openlit"]}