All 3 CVE vulnerabilities found in act, with AI-generated Chinese analysis, references, and POCs.
Vendor: nektos
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34042 | act: actions/cache server allows malicious cache injection CWE-862 | 8.2 | High | 2026-03-31 |
| CVE-2026-34041 | act: Unrestricted set-env and add-path command processing enables environment injection CWE-74 | 7.1AI | HighAI | 2026-03-31 |
| CVE-2023-22726 | Unrestricted file upload leading to privilege escalation in act CWE-434 | 8.0 | High | 2023-01-20 |
All 3 known CVE vulnerabilities affecting act with full Chinese analysis, references, and POCs where available.