Super Linter

Product: 1 CVE


CVE-2026-25761 HIGH This Week

Command injection in GitHub Super-linter versions 6.0.0 through 8.3.0 allows attackers to execute arbitrary commands in workflow runner contexts by submitting pull requests with maliciously crafted filenames containing shell command substitution syntax. An attacker exploiting this vulnerability can access sensitive workflow credentials, including GITHUB_TOKEN, depending on permission configurations. The vulnerability affects Super-linter when used as a GitHub Action and has no available patch at this time.

Github Command Injection Super Linter
NVD GitHub
CVSS 3.1: 8.8
EPSS: 0.0%
