Skip to main content

Woodpecker CI CVE-2026-50141

| EUVDEUVD-2026-37897 HIGH
Authentication Bypass by Spoofing (CWE-290)
2026-06-18 security-advisories@github.com GHSA-g7mm-9vx7-jm7h
7.1
CVSS 4.0 · Vendor: github
Share

Severity by source

Vendor (github) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Remotely reachable gRPC endpoint (AV:N), straightforward metadata injection (AC:L), valid agent token required (PR:L), no user interaction; impersonation tampers with CI integrity (I:H) with no direct C/A impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (github).

CVSS VectorVendor: github

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jun 18, 2026 - 17:02 EUVD
Source Code Evidence Fetched
Jun 18, 2026 - 14:32 vuln.today
Analysis Generated
Jun 18, 2026 - 14:32 vuln.today

DescriptionCVE.org

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agent_id value into outgoing gRPC metadata. The server correctly verified the JWT token but then discarded the verified agent identity in favor of the client-supplied value. Version 3.14.1 patches the issue. As a workaround, disable org agents (WOODPECKER_DISABLE_USER_AGENT_REGISTRATION=true) and delete existing ones.

AnalysisAI

Agent impersonation in Woodpecker CI 3.0.0 through 3.14.0 allows any authenticated agent to assume the identity of any other agent on the same server by injecting a forged agent_id into outgoing gRPC metadata. The server validates the JWT correctly but then trusts the client-supplied agent_id over the cryptographically verified one, enabling cross-tenant job hijacking and integrity compromise of CI pipelines. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain agent JWT via registration
Delivery
Connect to server gRPC endpoint
Exploit
Inject forged agent_id in metadata
Execution
Server trusts client-supplied agent_id
Persist
Receive target agent's pipeline jobs
Impact
Exfiltrate secrets and tamper with CI artifacts

Vulnerability AssessmentAI

Exploitation Requires (1) a valid Woodpecker agent JWT on the target server, obtainable by anyone permitted to register an agent - typically users or organizations on shared/multi-tenant Woodpecker deployments running 3.0.0 through 3.14.0; (2) network reachability to the server's gRPC endpoint; and (3) a modified gRPC client capable of injecting a custom agent_id key into outgoing metadata. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 score of 7.1 (AV:N/AC:L/PR:L/UI:N/VC:N/VI:H/VA:N) accurately reflects a remote, low-complexity attack requiring only a legitimate agent token, with high integrity impact and no confidentiality or availability impact in the base vector - though in practice a hijacked agent can read pipeline secrets passed to jobs, so real-world confidentiality risk is likely understated. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers (or compromises) any legitimate Woodpecker agent on a multi-tenant server, obtaining a valid JWT. They then run a modified agent client that prepends an arbitrary numeric agent_id (e.g., that of a privileged production agent) into the outgoing gRPC metadata before sending RPCs such as Next or Update; the server validates the JWT but reads the spoofed agent_id, routing another tenant's pipeline jobs - and their secrets - to the attacker-controlled agent.
Remediation Vendor-released patch: upgrade Woodpecker CI server to 3.14.1 or later, per advisory GHSA-g7mm-9vx7-jm7h (https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-g7mm-9vx7-jm7h). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit all Woodpecker CI deployments for versions 3.0.0-3.14.0; document current agent credentials and job execution privileges. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate

Share

CVE-2026-50141 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy