GitHub Actions Command Injection via Unsanitized Issue Comment Input
GitHub Actions workflows that directly embed `issue_comment.body` into shell commands without sanitization allow unauthenticated attackers to inject arbitrary shell commands and execute code on runners. This PoC demonstrates escape-and-execute techniques that bypass basic quoting.
CVE References
Affected
Vulnerability Analysis
Class & Root Cause:
This is a shell command injection vulnerability stemming from unsafe variable interpolation in GitHub Actions. The workflow uses `${{ github.event.comment.body }}` directly within a `run:` shell context without escaping or input validation. GitHub Actions evaluates context expressions (`${{ }}`) before shell execution, inserting attacker-controlled strings directly into the command line. The grep/cut pipeline does not sanitize the output before reuse, creating a second-order injection risk.
Impact: Successful exploitation grants arbitrary command execution on the GitHub Actions runner with the permissions of the workflow environment, potentially allowing attackers to: exfiltrate secrets, modify repository state, trigger malicious builds, compromise dependent projects, or pivot to the hosting infrastructure.
PoC Significance for Defenders
The PoC demonstrates that simple comment payloads can break out of quoted contexts and execute shell commands. The significance lies in proving that: (1) no authentication beyond issue-comment posting is required, (2) the injection occurs before any filtering logic, and (3) the vulnerability is reliably exploitable across standard CI/CD runners. The PoC confirms that basic bash quoting does not protect against context-expression injection.
Detection Guidance
Workflow Code Review Signals:
- Workflows using `github.event.issue_comment.body`, `github.event.pull_request.body`, or similar untrusted inputs in `run:` steps
- Use of `${{ }}` context expressions directly in shell commands without `::set-output` or environment variable isolation
- Absence of input validation, regex escaping, or shell-safe libraries (e.g., `shlex.quote()`)
Log Indicators:
Monitor GitHub Actions run logs for: unexpected command execution, shell metacharacters in workflow output, failed grep/cut commands with unusual input, or errors suggesting command parsing failures.
YARA/Pattern Detection: Flag workflow files (YAML) containing patterns:
run:.*\$\{\{.*github\.event\.(issue_)?comment\.body.*\}\}
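The single-line pattern above only matches when the expression sits on the same line as the `run:` key, so it misses scripts written as `run: |` block scalars. The following is an added example, not part of the original advisory: a standard-library scanner that covers both forms. The function name, regexes, and sample workflow are constructed for illustration.

```python
import re

# Untrusted contexts named on this page; extend the alternation as needed.
UNTRUSTED = re.compile(
    r"\$\{\{[^}]*github\.event\.((issue_)?comment|pull_request)\.body[^}]*\}\}")
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")

# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
on: issue_comment
jobs:
  bot:
    runs-on: ubuntu-latest
    steps:
      - name: unsafe inline
        run: echo "${{ github.event.comment.body }}" | grep -oE '@njzjz-bot .*'
      - name: unsafe block
        run: |
          set -e
          CMD=$(echo "${{ github.event.comment.body }}" | cut -d' ' -f2)
      - name: isolated via env
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: echo "${COMMENT_BODY}" | grep -oE '@njzjz-bot .*'
"""

def find_unsafe_run_steps(workflow_text):
    """Return (line_number, text) for run: script lines that interpolate untrusted input."""
    findings, lines, i = [], workflow_text.splitlines(), 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        # Column of the "run" key; a leading "- " shifts it right.
        key_col = len(m.group(1)) + len(m.group(2) or "")
        body = [(i + 1, m.group(3))]
        i += 1
        if m.group(3)[:1] in ("|", ">"):
            # Block scalar: script lines are indented deeper than the key.
            while i < len(lines):
                indent = len(lines[i]) - len(lines[i].lstrip())
                if lines[i].strip() and indent <= key_col:
                    break
                body.append((i + 1, lines[i]))
                i += 1
        findings += [(n, t.strip()) for n, t in body if UNTRUSTED.search(t)]
    return findings
```

On the sample, the scanner reports lines 7 and 11 and leaves the `env:`-isolated step alone, since there the expression is assigned to an environment variable rather than pasted into the script.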
Mitigation Steps
Immediate Actions:
- Input Sanitization: Use `env:` to isolate untrusted input before shell execution:

  ```yaml
  env:
    COMMENT_BODY: ${{ github.event.comment.body }}
  run: echo "${COMMENT_BODY}" | grep -oE '@njzjz-bot .*'  # safer, but still validate
  ```

- Workflow Permissions: Restrict `GITHUB_TOKEN` permissions to minimum scope; use separate secrets with limited access.
- Input Validation: Explicitly whitelist expected comment formats using strict regex anchors before any command execution.
- Shell Safety: Use `set -e` and `set -o pipefail`; consider Python/JavaScript steps with proper escaping libraries instead of raw shell.
- Patch/Upgrade: Apply any vendor patches; use GitHub's official actions instead of custom shell scripts where possible.
Risk Assessment
Likelihood in the Wild: High. Many CI/CD pipelines naively interpolate user input; this is a well-known anti-pattern. Public repositories with issue-comment automation are exposed.
Threat Actor Interest: High. Command injection in CI/CD is a critical supply-chain attack vector. Nation-state and financial threat actors directly target CI/CD infrastructure.
Timeline: Exploitation is trivial and requires no special tools; mass scanning for vulnerable workflows is feasible.
Sources