CVE-2026-27941 | Follow the latest news from the world of technology and security-related developments.

Critical CVSS: 9.9

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context of the base repository, including a write-privileged `GITHUB_TOKEN` and numerous sensitive secrets (API keys, database/vector store tokens, and a Google Cloud service account key). Version 1.37.1 contains a fix.
Vendor: Openlit
Product: Openlit Software Development Kit
CWE: CWE-829
Publication Date: 2026-02-26 02:16:22
Updated: 2026-03-06 20:06:09
Source Identifier: security-advisories@github.com
KEV Date Added: -
