CVE-2026-45131: CloudPirates Helm Charts exposes secrets in GitHub Actions

CVE-2026-45131
Summary

CloudPirates Helm Charts contains a GitHub Actions workflow that executes code from untrusted pull requests, potentially exposing sensitive information such as Docker Hub credentials. The issue has been fixed. If you use these charts, ensure you're running the latest version and verify that the update has been applied.

Original title
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests...
Original description
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow (pull-request.yaml) executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens without requiring maintainer approval. This issue has been patched via commit fcf9302.
NVD CVSS 3.1: 10.0
Vulnerability type
CWE-94 Code Injection
Published: 1 Jun 2026 · Updated: 1 Jun 2026 · First seen: 1 Jun 2026
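
An added example, not code from CloudPirates or from this advisory: a Python check for the kind of workflow the description refers to, meant to be run over your own `.github/workflows` files. The page does not reproduce pull-request.yaml, so this assumes the common form of the flaw (a `pull_request_target` trigger combined with a checkout of the pull request head); the sample workflows, the `DOCKERHUB_TOKEN` secret name and `./ci/test.sh` are constructed.

```python
import re

# Checkout of the pull request's head commit or PR ref (attacker-controlled for fork PRs).
HEAD_REF = re.compile(r"ref:.*(github\.event\.pull_request\.head\.(sha|ref)|refs/pull/)")
SECRET = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")

def strip_comments(text):
    """Drop YAML comments so commented-out triggers are not counted (line-based, not a full parser)."""
    lines = [l.split(" #", 1)[0] for l in text.splitlines() if not l.lstrip().startswith("#")]
    return "\n".join(lines)

def audit_workflow(text):
    """Return findings for a workflow that runs fork PR code with repository privileges."""
    body = strip_comments(text)
    # pull_request_target runs in the base repository's context, with its secrets.
    privileged = re.search(r"\bpull_request_target\b", body) is not None
    untrusted_checkout = HEAD_REF.search(body) is not None
    if not (privileged and untrusted_checkout):
        return []
    findings = ["pull_request_target workflow checks out the PR head"]
    secrets = sorted(set(SECRET.findall(body)))
    if secrets:
        findings.append("secrets in scope: " + ", ".join(secrets))
    return findings

# Constructed sample workflows (assumption: not the project's pull-request.yaml).
RISKY = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: ./ci/test.sh   # hypothetical script taken from the PR checkout
        env:
          DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
"""
# Same jobs on the plain pull_request trigger, where fork PRs do not receive repository secrets.
SAFER = RISKY.replace("pull_request_target:", "pull_request:")

if __name__ == "__main__":
    for name, wf in (("RISKY", RISKY), ("SAFER", SAFER)):
        print(name, audit_workflow(wf) or "no finding")
```

A finding means the workflow needs review, not that secrets have leaked; a `pull_request_target` workflow that never checks out or runs pull request content is not flagged.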