CVE Catalog

CVE-2026-58424

High · CVSS 8.9
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A vulnerability in the workflow approval gate mechanism of the repository management system allows bypassing the approval gate for pull requests from permanent forks. An attacker can submit a pull request from a permanent fork without the required approval.

Risk Assessment

An attacker could introduce unauthorized changes to the source code without going through the review and approval process, which could lead to malicious code injection or compromise of repository integrity.

Recommendation

Update the system immediately to a version containing the fix for this vulnerability, and verify the configuration of approval rules for pull requests from forks.

Original NVD description (English source)

Permanent Fork PR Workflow Approval Gate Bypass

Vulnerability data from NVD (NIST) · CISA KEV · EPSS