2 matches found
CVE-2026-39382
creationtimestamp| type| source ---|---|--- 2026-04-07 21:22:30+00:00| published-proof-of-concept| Telegram/PsCoAl2rNCHfpa-IE94yjZNK4tjM6zifbqO0UkQOdEj8yI 2026-04-07 23:03:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwv6zz67y2n...
CVE-2026-39382
In CVE-2026-39382, the vulnerability arises in a dbt workflow where the prep job uses peter-evans/find-comment to fetch a comment-body, which is then interpolated into a shell command without escaping. This allows attacker-controlled text to break out of quotes and inject arbitrary shell commands...