Threats Tagged 'cve-2026-47174'
View all threats tagged with 'cve-2026-47174'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-47174'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-47174: CWE-829: Inclusion of Functionality from Untrusted Control Sphere in duck-organization duck-siteCVE-2026-47174 0 In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisfy the deploy workflow’s main branch condition, the deploy job checks out the triggering workflow commit, builds it into a Docker image, pushes it as latest, and triggers Dokploy deployment. This can allow attacker-controlled pull request code to become the deployed production site image without being merged. This issue has been patched in version 1.0.1. Join the discussion | CVE Database V5 | 06/11/2026, 18:46:59 UTC Added: 06/11/2026, 19:00:33 UTC |
Showing 1 to 1 of 1 result