๐Ÿ” CVE Alert

CVE-2026-55576

UNKNOWN 0.0

MaaAssistantArknights: PR-title expression injection in release-preparation.yml

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

MaaAssistantArknights is a one-click tool for daily Arknights tasks. In the current dev-v2 workflow, .github/workflows/release-preparation.yml inlined attacker-controlled github.event.pull_request.title into a run: shell command during the pull_request opened, reopened, and ready_for_review events, so a non-draft fork PR whose title starts with Release v could execute shell commands on the ubuntu-latest runner during the generate-changelog job. This vulnerability is fixed by commit cafc3946059e6337d2089d4fec8b6885ba17c332.

CWE CWE-78 CWE-94
Vendor maaassistantarknights
Product maaassistantarknights
Published Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for maaassistantarknights maaassistantarknights

Be the first to know when new unknown vulnerabilities affecting maaassistantarknights maaassistantarknights are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

MaaAssistantArknights / MaaAssistantArknights
< cafc3946059e6337d2089d4fec8b6885ba17c332

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/MaaAssistantArknights/MaaAssistantArknights/security/advisories/GHSA-pqx2-5g66-f5w8 github.com: https://github.com/MaaAssistantArknights/MaaAssistantArknights/commit/cafc3946059e6337d2089d4fec8b6885ba17c332