10 matches found
CVE-2026-39866
Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in releaseupdate.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue...
CVE-2026-39866
Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in releaseupdate.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue...
CVE-2026-39866
Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in releaseupdate.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue...
CVE-2026-39866 Lawnchair vulnerable to Command Injection via unquoted workflow dispatch input in release_update.yml
Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in releaseupdate.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue...
CVE-2026-39866
CVE-2026-39866 affects Lawnchair for Android. The bug is in the release_update.yml GitHub Actions workflow: an unquoted input (artifactName) is injected into a bash command, allowing command execution on the runner. A patch commit fcba413f55dd47f8a3921445252849126c6266b2 fixes the issue; affected...
CVE-2026-39866 Lawnchair vulnerable to Command Injection via unquoted workflow dispatch input in release_update.yml
Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in releaseupdate.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue...
EUVD-2026-24039
Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in releaseupdate.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue...
Lawnchair 安全漏洞
Lawnchair is an open-source Android desktop launcher developed by Lawnchair, featuring highly customizable features and Pixel functionality. Lawnchair has a security vulnerability, which stems from command injection in the releaseupdate.yml workflow scheduling input, potentially allowing arbitrar...
Exploit for CVE-2026-39866
CVE-2026-39866 — Command Injection via unquoted workflow dispa...
PT-2026-32122
Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release update.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue...