CVE-2026-44358— Espressif Shared GitHub DangerJS: Untrusted Search Path in DangerJS Action Entrypoint
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1554 · Compromise Host Software BinaryAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| espressif | shared-github-dangerjs | < 1.0.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44358
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Espressif Shared GitHub DangerJS: Untrusted Search Path in DangerJS Action Entrypoint
Source: NVD (National Vulnerability Database)
Vulnerability Description
Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary resolution and Node.js module resolution. A fork pull request processed by a pull_request_target workflow could therefore cause fork-supplied code to execute inside the action container in place of the action's own code. This vulnerability is fixed in 1.0.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对搜索路径元素未加控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Espressif Shared GitHub DangerJS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Espressif Shared GitHub DangerJS是Espressif Systems开源的一款自动检查拉取请求格式的代码审查工具。 Espressif Shared GitHub DangerJS 1.0.1之前版本存在安全漏洞,该漏洞源于entrypoint.sh从调用者工作区调用DangerJS,创建了不可信的搜索路径,可能导致fork拉取请求中的代码在操作容器内执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| espressif | shared-github-dangerjs | < 1.0.1 | - |
II. Public POCs for CVE-2026-44358
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-44358
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-44358 (1)
IV. Related Vulnerabilities
Same vendor: espressif
- CVE-2026-42854
arduino-esp32: Stack buffer overflow in WebServer multipart - CVE-2026-42855
arduino-esp32: Digest authentication URI mismatch bypass in - CVE-2026-41429
Improper validation of NBNS name_len in arduino-esp32 NetBIO - CVE-2026-25508
ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisionin - CVE-2026-25507
ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning
Same weakness: CWE-427
V. Comments for CVE-2026-44358
No comments yet