CVE-2026-45131
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
01/06/2026
Last modified:
01/06/2026
Description
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens without requiring maintainer approval. This issue has been patched via commit fcf9302.
Impact
Base Score 3.x
10.00
Severity 3.x
CRITICAL



