VYPR
← All advisories
Critical severityNVD Advisory· Published Jun 11, 2026· Updated Jun 11, 2026

CVE-2026-47174

CVE-2026-47174

Description

A GitHub Actions workflow misconfiguration allows untrusted PR code to trigger privileged production deployment in Duck Site <1.0.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A GitHub Actions workflow misconfiguration allows untrusted PR code to trigger privileged production deployment in Duck Site <1.0.1.

Vulnerability

In Duck Site before version 1.0.1, the deploy workflow runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow has package-write permissions and deployment secrets. If a pull request build satisfies the deploy workflow's main branch condition (e.g., head_branch equals main), the deploy job checks out the triggering commit, builds a Docker image, pushes it as latest, and triggers Dokploy deployment. This allows attacker-controlled PR code to become the deployed production site image without merging [1].

Exploitation

An attacker needs to open a pull request from a branch named main or otherwise make the build's head_branch equal to main. No further authentication is required beyond the ability to create a pull request. The attacker can modify application source, build scripts, or Docker build behavior. The build workflow runs automatically, and then the deploy workflow triggers, deploying the attacker's code [1].

Impact

Successful exploitation results in the attacker's arbitrary code being deployed as the production site image. This leads to full compromise of the production environment, including potential data exfiltration, service disruption, or further lateral movement [1].

Mitigation

The issue is patched in Duck Site version 1.0.1. Users should upgrade to 1.0.1 immediately. No workarounds are mentioned. The fix likely involves checking out the trusted main branch directly in the deploy workflow rather than using the triggering commit SHA [1].

References
  1. Untrusted pull request code can trigger privileged production deployment

AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The deploy workflow uses the triggering run's commit SHA as the checkout ref instead of checking out the trusted main branch directly, allowing untrusted PR code to cross into a privileged release path."

Attack vector

An attacker forks the repository, creates a branch named `main`, modifies the site source (e.g., homepage text or a startup log line), and opens a pull request from `attacker-fork:main` into `upstream:main`. Because the build workflow runs on pull requests targeting main, and the deploy workflow is triggered by the build workflow's successful completion, the deploy workflow checks out the attacker's PR commit, builds it into a Docker image, pushes it as `latest`, and triggers the Dokploy deployment webhook — all without the PR being merged [ref_id=1].

Affected code

The vulnerable path is in the GitHub Actions pipeline — specifically the deploy workflow that triggers after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow has package-write permissions and deployment secrets. The deploy workflow uses the triggering run's commit SHA as the checkout ref instead of checking out the trusted main branch directly [ref_id=1].

What the fix does

The advisory states the issue has been patched in version 1.0.1 but does not include a patch diff. The fix would need to ensure the deploy workflow checks out the trusted main branch directly rather than using the triggering run's commit SHA, or restrict the deploy workflow trigger so it does not run on pull request builds from untrusted forks [ref_id=1].

Preconditions

  • configRepository accepts pull requests and GitHub Actions run on pull requests.
  • configThe deploy workflow exists on the default branch and the Dokploy deployment webhook secret is configured.
  • configPull request workflow runs are not blocked by manual approval or branch policy.
  • inputThe attacker can open a PR from a branch named 'main'.

Reproduction

Fork the repository. In the fork, create a branch named `main`. Modify the site with a harmless proof marker (e.g., change homepage text or add a startup log line). Open a pull request from `attacker-fork:main` into `upstream:main`. Wait for the build workflow to complete successfully. Observe that the deploy workflow is triggered by the completed build workflow, checks out the triggering PR commit, builds the Docker image from attacker-controlled code, pushes it to GHCR as `latest`, and triggers the Dokploy deployment webhook [ref_id=1].

Generated on Jun 11, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1

News mentions

0

No linked articles in our index yet.