Description
KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext() sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull request modifying messages.cjs to import arbitrary Node.js modules, bypassing sandbox restrictions and achieving remote code execution with full GitHub Actions runner privileges including access to AUTOMATION_PR_TOKEN.
Published: 2026-06-11
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

KanaDojo before version 0.1.18 contains an escape from the Node.js sandbox that allows an attacker to execute arbitrary code with the full privileges of the GitHub Actions runner. By submitting a pull request that modifies messages.cjs, a malicious user can import arbitrary Node.js modules, bypass the intended vm.runInNewContext restriction, and run code that can read, modify, or delete repository secrets, including the AUTOMATION_PR_TOKEN used by the workflow.

Affected Systems

The product KanaDojo, developed by lingdojo, is affected in all releases earlier than 0.1.18. The vulnerability is triggered when the auto‑respond workflow runs on GitHub Actions for repositories that accept pull requests from external contributors.

Risk and Exploitability

The CVSS score of 8.5 highlights the high severity of this flaw. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The attack vector requires a crafted pull request that edits messages.cjs; once merged, the malicious code executes inside the GitHub Actions runner with full permissions, enabling the attacker to access any secret or code and to abuse the AUTOMATION_PR_TOKEN with full privileges.

Generated by OpenCVE AI on June 11, 2026 at 20:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update KanaDojo to version 0.1.18 or later, which removes the unsafe passing of the global require function into vm.runInNewContext.
  • If an immediate upgrade is not possible, disable or remove the auto‑respond feature from the issue‑auto‑respond.yml workflow and prevent pull requests from modifying messages.cjs until the patch is applied.
  • Limit the AUTOMATION_PR_TOKEN to only the scopes required for the CI process, and rotate or replace the token immediately if a compromise is suspected.
  • Monitor GitHub Actions logs for unexpected module imports or changes to messages.cjs and reject any suspicious pull requests.
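The difference the first recommendation describes, shown as an added example that is not KanaDojo's own code: the same constructed file is evaluated once with the host's require in the vm.runInNewContext() context and once without it. The loader names, the sample file contents and the string-only check are assumptions made for illustration.

```javascript
const vm = require('node:vm');

// Constructed stand-ins for messages.cjs (contents are assumptions, not KanaDojo's file).
const BENIGN = "module.exports = { welcome: 'Thanks for opening an issue!' };";
// Harmless probe: reports whether the evaluated file can reach Node's module loader.
const PROBE =
  "module.exports = { loader: typeof require === 'function'" +
  " ? typeof require('node:os').platform : 'unavailable' };";

// Pattern the advisory describes: the host's require is handed to the context,
// so the evaluated file can import any Node.js module the runner can.
function loadWithRequire(source) {
  const module = { exports: {} };
  vm.runInNewContext(source, { module, exports: module.exports, require });
  return module.exports;
}

// Narrower loader (hypothetical): no require in the context, a run-time limit,
// and the result copied into a fresh object that only admits string values.
function loadMessages(source) {
  const module = { exports: {} };
  vm.runInNewContext(source, { module, exports: module.exports }, { timeout: 1000 });
  const messages = {};
  for (const [key, value] of Object.entries(module.exports)) {
    if (typeof value !== 'string') {
      throw new TypeError(`message "${key}" is not a string`);
    }
    messages[key] = value;
  }
  return messages;
}

console.log(loadWithRequire(PROBE)); // module loader reachable from the evaluated file
console.log(loadMessages(PROBE));    // module loader not reachable
console.log(loadMessages(BENIGN));   // plain message map passes validation
```

Node's documentation states that node:vm is not a security mechanism, so the second loader narrows what the file can reach but does not make it safe to evaluate pull-request content in a job that holds AUTOMATION_PR_TOKEN.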

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext() sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull request modifying messages.cjs to import arbitrary Node.js modules, bypassing sandbox restrictions and achieving remote code execution with full GitHub Actions runner privileges including access to AUTOMATION_PR_TOKEN.
Title KanaDojo < 0.1.18 Sandbox Escape RCE via messages.cjs
Weaknesses CWE-693
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-11T18:50:40.797Z

Reserved: 2026-05-21T18:34:46.417Z

Link: CVE-2026-48546

Vulnrichment

Updated: 2026-06-11T18:50:25.949Z

NVD

Status: Deferred

Published: 2026-06-11T18:16:26.390

Modified: 2026-06-11T20:59:55.650

Link: CVE-2026-48546

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T20:30:28Z

Weaknesses
  • CWE-693: Protection Mechanism Failure