CI workflow RCE disclosed in OWASP BLT GitHub Actions
TL;DR — A pull_request_target GitHub Actions workflow in OWASP BLT can be turned into privileged CI RCE by copying attacker-controlled Django model code into the runner and invoking makemigrations, exposing GITHUB_TOKEN and secrets.
What happened
OWASP BLT is a QA testing and vulnerability disclosure platform that spans websites, apps, and Git repositories.
CVE-2026-40316 describes a GitHub Actions poisoned-pipeline RCE in BLT’s .github/workflows/regenerate-migrations.yml. The workflow uses the privileged pull_request_target trigger (base-repo context with write-capable GITHUB_TOKEN), copies attacker-controlled files from an untrusted PR into the runner workspace (via git show ... > ...), and then runs python manage.py makemigrations. Because Django imports model modules during migration generation, any module-level Python in an attacker-supplied website/models.py is executed during import, yielding arbitrary code execution on the runner.
The attack is triggerable by any external contributor who can open a PR, provided a maintainer applies the regenerate-migrations label. This is a common real-world failure mode in CI/CD: privileged triggers combined with unsafe “copy-from-PR then execute/build” patterns can convert routine maintainer actions (labeling/triage) into repo compromise and downstream supply-chain risk.
Who is impacted
- OWASP BLT (OWASP-BLT/BLT) deployments using the vulnerable workflow.
| Component | Affected versions (per CVE record) | Patch status (per CVE record) |
|---|---|---|
| OWASP-BLT/BLT | <= 2.1 | Patch is expected in 2.1.1 |
Notes for responders:
- The CVE record links to the GitHub Security Advisory GHSA-wxm3-64fx-cmx9, which describes this as an Actions workflow issue (not a runtime-only app bug), with impact centered on CI runner execution and secret exposure.
What to do now
- Follow project remediation guidance and apply the latest patched release available at the time of writing.
  "A patch for this issue is expected to be released in version 2.1.1."
- Treat this as a CI credential exposure / repo-compromise scenario if you suspect a malicious PR may have been processed: review recent workflow runs of .github/workflows/regenerate-migrations.yml, and rotate any credentials potentially accessible to the runner (including GITHUB_TOKEN-reachable tokens and Actions secrets).
- Reduce blast radius for similar patterns across your org:
  - Avoid using pull_request_target for workflows that copy/execute untrusted PR content.
  - Ensure workflow permissions: are least-privilege (especially contents: write) and gate maintainer label actions that trigger privileged workflows.
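To find similar patterns across an org, the check below is an added example (not code from the BLT project or the advisory): a heuristic scanner that flags workflow files combining pull_request_target with PR-controlled refs and steps that run workspace code. The finding names, the command list in EXEC_STEP, and both sample workflows are constructed assumptions.

```python
import re

# Expressions that resolve to content controlled by the PR author.
UNTRUSTED_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref")
# Heuristic (assumed) list of commands that import or run code from the workspace.
EXEC_STEP = re.compile(r"manage\.py|pip install|npm (ci|install|run)|pytest|\bmake\b")

def audit_workflow(text):
    """Return a sorted list of finding ids for one workflow file's text."""
    # Strip YAML comments so commented-out triggers do not count.
    body = "\n".join(re.sub(r"(^|\s)#.*$", "", l) for l in text.splitlines())
    if "pull_request_target" not in body:
        return []  # unprivileged triggers are out of scope for this check
    findings = {"privileged-trigger"}
    if UNTRUSTED_REF.search(body):
        findings.add("pulls-pr-content")
    if EXEC_STEP.search(body):
        findings.add("runs-workspace-code")
    if re.search(r"\blabeled\b", body):
        findings.add("label-triggered")
    if not re.search(r"^\s*permissions\s*:", body, re.M):
        findings.add("no-explicit-permissions")  # token scope falls back to repo default
    elif re.search(r"permissions\s*:\s*write-all|contents\s*:\s*write", body):
        findings.add("write-token")
    if {"pulls-pr-content", "runs-workspace-code"} <= findings:
        findings.add("CRITICAL-copy-then-execute")
    return sorted(findings)

# Constructed sample: privileged trigger, PR file copied in, then Django imports it.
VULN = """on:
  pull_request_target:
    types: [labeled]
permissions:
  contents: write
jobs:
  regen:
    runs-on: ubuntu-latest
    steps:
      - run: |
          git show ${{ github.event.pull_request.head.sha }}:app/models.py > app/models.py
          python manage.py makemigrations
"""
# Constructed sample: unprivileged trigger with a read-only token.
SAFE = """on:
  pull_request:
permissions:
  contents: read
"""

if __name__ == "__main__":
    print(audit_workflow(VULN), audit_workflow(SAFE))
```

The scanner is text-based, so treat a clean result as "no known pattern matched" and review any pull_request_target workflow by hand.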
