VDB

GO-2026-4891

GO-2026-4891 PUBLISHED

act: Unrestricted set-env and add-path command processing enables environment injection in github.com/nektos/act

Affected Products

VendorProductVersions
github.comnektos/act0, 0

Timeline

  • Apr 2, 2026 CVE Published
  • Apr 2, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›