Cyber Resilience

CVE-2026-34041

Severity: High · Public PoC referenced

Published: 31 March 2026
Modified: 06 April 2026
KEV Added: not listed
Patch: available (act v0.2.86)
CVSS v4.0 base score: 7.7 (High), CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score: 0.0062 (45.0th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-34041 is a high-severity injection vulnerability (CWE-74, Improper Neutralization of Special Elements in Output Used by a Downstream Component) in nektos/act, a tool for running GitHub Actions workflows locally. Its CVSS v4.0 base score is 7.7 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE sits at the 45.0th percentile by exploit likelihood (EPSS 0.0062, below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation); in practice that means upgrading to act 0.2.86 or later and not echoing untrusted input from workflow steps.

Deeper analysis

CVE-2026-34041 is a high-severity vulnerability in act, a tool for running GitHub Actions workflows locally. A CVSS v3.1 vector is also circulated for it (9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), which is Critical under that version; the v4.0 vector above scores 7.7 (High) because it records the attack requirement (a workflow step has to print attacker-controlled data) and passive user interaction (somebody has to run act on that workflow). In versions prior to 0.2.86, act unconditionally processes the deprecated ::set-env name=NAME::value and ::add-path::value workflow commands. GitHub's own runner stopped honouring these two commands in late 2020 (CVE-2020-15228) precisely because anything a step prints can issue them, and only accepts them there if ACTIONS_ALLOW_UNSECURE_COMMANDS is set. act kept processing them regardless, so the flaw (CWE-74) is reachable whenever a workflow step echoes untrusted data to stdout.

An attacker who can influence what a workflow step prints (a pull request title or body, a commit message, an issue comment, a branch name, or the output of an untrusted third-party action) can embed a newline followed by one of these commands. act then applies the injected values to every subsequent step in the job: a directory prepended to PATH shadows any tool a later step calls by bare name (git, npm, python), and variables such as LD_PRELOAD, NODE_OPTIONS or BASH_ENV change how later processes start. The result is command execution in the job environment, exfiltration of secrets passed to later steps, and, where act runs jobs directly on the host (for example via the -self-hosted platform mapping) or bind-mounts the working directory, compromise of the developer machine itself.

The issue was addressed in act version 0.2.86, as detailed in the project's security advisory (GHSA-xmgr-9pqc-h5vw), release notes, and patching commit. Security practitioners should upgrade to v0.2.86 or later (act --version shows the installed release), audit workflows for steps that print untrusted input, and treat any ::set-env or ::add-path line in act output as a red flag: GitHub-hosted runners have rejected these commands since 2020, so a legitimate workflow has no reason to emit them.
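The following Go program is an added illustration of the mechanism described above; it is not code from act, the advisory, or the patch. It models the workflow-command grammar the GitHub runner and act apply to step stdout (::name k=v::data; percent-escaping is omitted), a constructed pull-request title whose embedded newlines carry injected commands, and two processing modes: honouring set-env/add-path as pre-0.2.86 act did, and a hardened mode that drops and reports them and respects ::stop-commands::TOKEN. The hardened mode is an assumption for demonstration and is not claimed to be how act's fix is implemented; NODE_OPTIONS, the /tmp/evil paths and the token value are made up for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// A workflow command is a stdout line of the form ::name k=v,k2=v2::data; the
// GitHub runner and act scan every line a step prints for this shape.
type workflowCommand struct {
	name  string
	props map[string]string
	data  string
}

// parseWorkflowCommand recognises one command line (percent-escaping omitted).
func parseWorkflowCommand(line string) (workflowCommand, bool) {
	line = strings.TrimSpace(line)
	if !strings.HasPrefix(line, "::") {
		return workflowCommand{}, false
	}
	head, data, found := strings.Cut(line[2:], "::")
	if !found {
		return workflowCommand{}, false
	}
	name, propText, _ := strings.Cut(head, " ")
	props := map[string]string{}
	for _, kv := range strings.Split(propText, ",") {
		if k, v, ok := strings.Cut(kv, "="); ok {
			props[strings.TrimSpace(k)] = v
		}
	}
	return workflowCommand{name: name, props: props, data: data}, true
}

// jobEnv is the state act carries into every subsequent step of the job.
type jobEnv struct {
	vars map[string]string
	path []string
}

func newJobEnv() *jobEnv { return &jobEnv{vars: map[string]string{}, path: []string{"/usr/bin"}} }

func (e *jobEnv) apply(cmd workflowCommand) {
	switch cmd.name {
	case "set-env":
		e.vars[cmd.props["name"]] = cmd.data
	case "add-path":
		e.path = append([]string{cmd.data}, e.path...) // prepended, so it wins lookups
	}
}

// processStepOutput scans one step's stdout. honourLegacy=true reproduces the
// pre-0.2.86 behaviour of applying set-env/add-path; false drops and reports them.
// Both modes honour ::stop-commands::TOKEN ... ::TOKEN::, the GitHub-native guard
// for printing untrusted text. Illustrative only; act's real fix may differ.
func processStepOutput(env *jobEnv, stepOutput string, honourLegacy bool) (rejected []string) {
	stopToken := ""
	for _, line := range strings.Split(stepOutput, "\n") {
		cmd, ok := parseWorkflowCommand(line)
		if !ok {
			continue
		}
		if stopToken != "" {
			if cmd.name == stopToken {
				stopToken = "" // ::TOKEN:: resumes command processing
			}
			continue
		}
		switch cmd.name {
		case "stop-commands":
			stopToken = cmd.data
		case "set-env", "add-path":
			if !honourLegacy {
				rejected = append(rejected, line)
				continue
			}
			env.apply(cmd)
		}
	}
	return rejected
}

// Constructed sample: an attacker-chosen pull-request title whose embedded
// newlines put the injected commands at the start of their own output lines.
const maliciousTitle = "Fix typo\n::set-env name=NODE_OPTIONS::--require /tmp/evil.js\n::add-path::/tmp/evil"

// sampleStepOutput is what a step running `echo "PR title: $TITLE"` prints.
func sampleStepOutput() string { return "PR title: " + maliciousTitle + "\n" }

func main() {
	legacy, hardened := newJobEnv(), newJobEnv()
	processStepOutput(legacy, sampleStepOutput(), true)
	rejected := processStepOutput(hardened, sampleStepOutput(), false)
	fmt.Printf("legacy (pre-0.2.86): vars=%v path=%v\n", legacy.vars, legacy.path)
	fmt.Printf("hardened: rejected=%d vars=%v path=%v\n", len(rejected), hardened.vars, hardened.path)
}
```

Run with go run on a single file. The legacy mode ends up with NODE_OPTIONS set and /tmp/evil at the head of PATH for every later step, which is the whole vulnerability; the hardened mode leaves the environment untouched and returns the two offending lines, which is what a detection rule over act output should flag. Wrapping an echo of untrusted text in ::stop-commands::TOKEN / ::TOKEN:: neutralises the injection even when legacy commands are honoured, provided TOKEN is unpredictable.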

Vulnerability details

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an attacker can inject these commands to set arbitrary environment variables or modify the PATH for all subsequent steps in the job. This issue has been patched in version 0.2.86.

CWE(s)

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1059 Command and Scripting Interpreter (tactic: Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1574.007 Path Interception by PATH Environment Variable (tactics: Persistence, Privilege Escalation, Defense Evasion)
Adversaries may execute their own malicious payloads by hijacking environment variables used to load libraries.
Why these techniques?

The act flaw lets untrusted step output set environment variables and prepend directories to PATH for every later step in the job. That yields code execution in the local runner (T1203, T1059) and is a textbook PATH interception: a later step's bare-name invocation of a tool resolves to an attacker-supplied binary (T1574.007).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-1691 (shared CWE-74)
CVE-2024-34544 (shared CWE-74)
CVE-2026-33202 (shared CWE-74)
CVE-2026-25520 (shared CWE-74)
CVE-2026-25586 (shared CWE-74)
CVE-2026-22200 (shared CWE-74)
CVE-2024-36295 (shared CWE-74)
CVE-2026-25814 (shared CWE-74)
CVE-2026-27727 (shared CWE-74)
CVE-2026-7770 (shared CWE-74)

Affected Assets

nektos/act
versions prior to 0.2.86 (fixed in 0.2.86)

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SI-2 Flaw Remediation (prevent)
Timely flaw remediation by upgrading act to version 0.2.86 or later removes the unconditional processing of the deprecated ::set-env:: and ::add-path:: commands.

SI-10 Information Input Validation (prevent)
Validating untrusted stdout from workflow steps, or not printing untrusted input at all, prevents injection of environment-altering commands such as ::set-env:: and ::add-path::.

SI-20 Tainting (prevent, good match)
Tainting untrusted outputs from workflow steps blocks their propagation to subsequent steps, where they could otherwise set arbitrary environment variables or modify PATH.
