EUVD-2026-29126

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pullrequesttarget privileged trigger but checks out and executes code directly from the attacker's fork, enabling...

CVE-2026-42603

The CVE affects OWASP BLT prior to version 2.1.2. The vulnerability arises in the .github/workflows/pre-commit-fix.yaml workflow, which uses pull_request_target (a privileged trigger) to checkout and execute code directly from the attacker’s fork. This enables Remote Code Execution with write per...

CVE-2026-42603 OWASP BLT: pre-commit-fix.yaml executes untrusted fork code via pull_request_target

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pullrequesttarget privileged trigger but checks out and executes code directly from the attacker's fork, enabling...

OWASP BLT 代码注入漏洞

OWASP BLT is an open-source gamified crowdsourcing platform for testing and disclosing vulnerabilities. Versions of OWASP BLT prior to 2.1.2 contained a code injection vulnerability. This vulnerability stemmed from the use of the pullrequesttarget trigger in the pre-commit-fix.yaml workflow, whic...