CVE-2026-34243
wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or paper title). In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issue_comment.body directly inside a shell command, allowing potential command injection and arbitrary code execution on the runner. At time of publication, there are no publicly available patches.
Vendor
Product
CWE
Yayın Tarihi
2026-03-31 16:16:33
Güncelleme
2026-04-03 14:38:17
Source Identifier
security-advisories@github.com
KEV Date Added
-