Home / Vulnerability Intelligence / CVE-2026-27941

CVE-2026-27941 - Vulnerability Analysis

CriticalCVSS: 9.9

Last Updated: February 26, 2026

OpenLIT - Broken Access Control

Published: February 26, 2026Updated: February 26, 2026Remote Exploitable

Overview

OpenLIT prior to 1.37.1 contains a broken access control vulnerability caused by use of `pull_request_target` event in GitHub Actions workflows executing untrusted code with base repository privileges, letting attackers access sensitive secrets, exploit requires untrusted forked pull requests.

Severity & Score

Severity: Critical

CVSS Score: 9.9

Impact

Attackers can access sensitive secrets and tokens, potentially leading to full repository compromise and unauthorized actions.

Mitigation

Update to version 1.37.1 or later.

References

https://github.com/openlit/openlit/commit/4a62039a1659d6cbb8913172693f587b5fc2546c
https://github.com/openlit/openlit/security/advisories/GHSA-9jgv-x8cq-296q

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-27941
Severity: Critical
CVSS Score: 9.9
Type: broken_access_control
Status: new

CWE

CWE-829

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H