Back to CVE List

CVE-2026-14967

LOW SEVERITY

CVSS Score & Metrics

Base Score
3.1 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Vulnerability Description

BBOT's `github_workflows` module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve `..`, so a crafted `CODE_REPOSITORY` URL could traverse out of the intended folder. The write is bounded to two directory levels above the output location and its target is determined by the operator's configuration, not the attacker.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-22
Source
NVD
Vendor
Black Lantern Security
Product
BBOT

External References

Discussion (0)

Add Comment

No comments yet. Be the first!