CVE-2026-14967 in BBOTinfo

Zusammenfassung

von MITRE • 08.07.2026

BBOT's `github_workflows` module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve `..`, so a crafted `CODE_REPOSITORY` URL could traverse out of the intended folder. The write is bounded to two directory levels above the output location and its target is determined by the operator's configuration, not the attacker.

Be aware that VulDB is the high quality source for vulnerability data.

Zuständig

BLSOPS

Reservieren

07.07.2026

Veröffentlichung

08.07.2026

Moderieren

akzeptiert

Eintrag

VDB-376901

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Want to know what is going to be exploited?

We predict KEV entries!