CVE-2026-27941 in OpenLIT
Summary
by MITRE • 02/26/2026
OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context of the base repository, including a write-privileged `GITHUB_TOKEN` and numerous sensitive secrets (API keys, database/vector store tokens, and a Google Cloud service account key). Version 1.37.1 contains a fix.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 03/06/2026
The vulnerability described in CVE-2026-27941 represents a critical security flaw in the OpenLIT platform's continuous integration and deployment infrastructure. This issue specifically affects GitHub Actions workflows that utilize the pull_request_target event mechanism, creating a dangerous execution environment where untrusted code from external contributors can be executed with elevated privileges. The flaw exists in OpenLIT versions prior to 1.37.1, where the platform's automated workflow system fails to properly isolate code execution from the repository's security context, fundamentally undermining the security model that should protect sensitive infrastructure components.
The technical implementation of this vulnerability stems from the improper use of GitHub's pull_request_target event which triggers workflows when pull requests are opened, updated, or synchronized. Unlike the standard pull_request event that runs in the context of the forked repository, pull_request_target executes in the context of the base repository, allowing malicious actors to inject code that gains access to the repository's security tokens and secrets. This workflow configuration creates a privilege escalation scenario where untrusted code execution can leverage the GITHUB_TOKEN's write permissions and access to sensitive environment variables containing API keys, database credentials, and cloud service account information.
The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with the potential to compromise the entire infrastructure that the OpenLIT platform relies upon. With write access to the repository and access to sensitive secrets, an attacker could modify code to exfiltrate confidential data, inject malicious payloads, or even establish persistent backdoors within the platform's codebase. The presence of Google Cloud service account keys within the workflow environment creates additional risk for cloud infrastructure compromise, potentially allowing attackers to access cloud resources and data stored in connected systems. This vulnerability directly aligns with CWE-470, which describes the use of insecure functions that can lead to code injection attacks, and represents a significant weakness in the platform's supply chain security model.
The mitigation implemented in version 1.37.1 addresses the core issue by correcting the workflow configuration to prevent untrusted code execution in privileged contexts. This fix likely involves transitioning from pull_request_target to pull_request events, or implementing proper isolation mechanisms that prevent sensitive secrets from being exposed to untrusted code execution environments. Organizations utilizing OpenLIT should immediately upgrade to version 1.37.1 or later to remediate this vulnerability, while also reviewing their own GitHub Actions workflows for similar patterns that might expose sensitive credentials to untrusted code execution contexts. The fix demonstrates the importance of following security best practices in CI/CD environments, specifically addressing ATT&CK technique T1078.004 which covers legitimate credentials used for persistence, as the compromised secrets could be used for extended unauthorized access to cloud and infrastructure resources.