CVE-2026-45132: CWE-94: Improper Control of Generation of Code ('Code Injection') in CloudPirates-io helm-charts
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials (Personal Access Token and SSH signing key) to fork-controlled code due to unsafe checkout and credential handling practices. This issue has been patched via commit fcf9302.
AI Analysis
Technical Summary
The vulnerability CVE-2026-45132 in CloudPirates-io helm-charts arises from a GitHub Actions workflow that improperly exposes sensitive credentials to fork-controlled code due to unsafe checkout and credential handling. This constitutes a code injection risk (CWE-94) where malicious actors controlling forks could access Personal Access Tokens and SSH signing keys. The issue affects all versions before commit fcf9302, which introduced a fix. The vulnerability has a critical CVSS 3.1 score of 10.0, reflecting high impact on confidentiality and integrity without requiring privileges or user interaction. Although no official remediation level is provided, the vendor has patched the issue in the specified commit.
Potential Impact
An attacker controlling a forked repository could exploit the unsafe GitHub Actions workflow to gain access to sensitive credentials including Personal Access Tokens and SSH signing keys. This could lead to unauthorized access and code injection, compromising confidentiality and integrity of the affected systems. The vulnerability does not impact availability. No known exploits have been reported in the wild.
Mitigation Recommendations
The vulnerability has been patched by the CloudPirates-io project in commit fcf9302. Users should upgrade to versions including or after this commit to remediate the issue. Since the patch status is not explicitly stated beyond this commit, users should verify they are using the fixed version. No additional mitigation guidance is provided by the vendor advisory.
CVE-2026-45132: CWE-94: Improper Control of Generation of Code ('Code Injection') in CloudPirates-io helm-charts
Description
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposes sensitive credentials (Personal Access Token and SSH signing key) to fork-controlled code due to unsafe checkout and credential handling practices. This issue has been patched via commit fcf9302.
CVSS v3.1
Score 10.0critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-45132 in CloudPirates-io helm-charts arises from a GitHub Actions workflow that improperly exposes sensitive credentials to fork-controlled code due to unsafe checkout and credential handling. This constitutes a code injection risk (CWE-94) where malicious actors controlling forks could access Personal Access Tokens and SSH signing keys. The issue affects all versions before commit fcf9302, which introduced a fix. The vulnerability has a critical CVSS 3.1 score of 10.0, reflecting high impact on confidentiality and integrity without requiring privileges or user interaction. Although no official remediation level is provided, the vendor has patched the issue in the specified commit.
Potential Impact
An attacker controlling a forked repository could exploit the unsafe GitHub Actions workflow to gain access to sensitive credentials including Personal Access Tokens and SSH signing keys. This could lead to unauthorized access and code injection, compromising confidentiality and integrity of the affected systems. The vulnerability does not impact availability. No known exploits have been reported in the wild.
Mitigation Recommendations
The vulnerability has been patched by the CloudPirates-io project in commit fcf9302. Users should upgrade to versions including or after this commit to remediate the issue. Since the patch status is not explicitly stated beyond this commit, users should verify they are using the fixed version. No additional mitigation guidance is provided by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-08T20:08:17.209Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1dbba3e29bf47b501c57a7
Added to database: 6/1/2026, 5:04:35 PM
Last enriched: 6/1/2026, 5:18:40 PM
Last updated: 6/2/2026, 5:03:32 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.