CVE-2026-25589: GitHub Actions Script Injection via Workflow Inputs

Score: 8.8
HIGH
Published: 2026-01-15
Affected: GitHub Actions workflows with untrusted inputs
CWE-94

Can GitHub Actions be exploited for code execution?

A script injection vulnerability class affecting GitHub Actions workflows that interpolate untrusted user inputs (PR titles, issue bodies) directly into run steps. An attacker who controls such an input can execute arbitrary code in the CI/CD runner context.
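The injectable pattern beside a hardened form, as an added example that is not part of the advisory (workflow, job and step names are illustrative; the pull_request_target trigger is used because it runs with the base repository's secrets, which is where this class matters most):

```yaml
# Added example, not from the advisory: the vulnerable step and its fix.
name: pr-title-check
on:
  pull_request_target:
    types: [opened, edited]

jobs:
  vulnerable:
    runs-on: ubuntu-latest
    steps:
      # Injectable: the runner expands ${{ }} into the script text before
      # bash ever runs it, so shell metacharacters in a PR title chosen by
      # the contributor become part of the step's script. Do not use this form.
      - name: Echo title (unsafe)
        run: echo "PR title: ${{ github.event.pull_request.title }}"

  hardened:
    runs-on: ubuntu-latest
    steps:
      # Safe: the untrusted value enters the step only as an environment
      # variable; a quoted shell expansion is treated as data, never as code.
      - name: Echo title (safe)
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR title: $PR_TITLE"
```

A quick audit of a repository is to search .github/workflows for any `${{ github.event.` expression that appears inside a `run:` block rather than under `env:` or as an action `with:` input, and to treat each hit as this vulnerability class until the value is moved into an environment variable.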

Impact & Exploitation

Affects thousands of open-source and enterprise repositories. Enables secret exfiltration, supply chain tampering, and code signing key theft from CI/CD pipelines.


Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2026-25589 GitHub Actions Script Injection via Workflow Inputs don’t just exist in source code; they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack, even when source code isn’t available.