216.73.216.170

CVE-2026-22869

· Published 13/01/2026 21:15 · Modified 14/01/2026 16:25

Labels: CVE-2026-22869 2026-01-13CVE-2026-22869CWE-94[email protected]

Essential information

Published
13/01/2026 21:15
Modified
14/01/2026 16:25
Author
Creator
CVSS
8.9 HIGH (v3) 8.9 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses pull_request_target trigger combined with checkout of untrusted PR code. An attacker can exploit this to steal credentials, post comments, push code, or create releases.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
eigent / eigent cpe:2.3:a:eigent:eigent:*:*:*:*:*:*:*:*
github / github cpe:2.3:a:github:github:*:*:*:*:*:*:*:*

References