CVE-2026-44590
Published: 27 May 2026
Summary
CVE-2026-44590 is a critical-severity OS Command Injection (CWE-78) vulnerability. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 37.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-44590 affects the Sherlock social media username search tool prior to version 0.16.1. The vulnerability is a command injection flaw (CWE-78) in the validate_modified_targets.yml GitHub Actions workflow, which uses the pull_request_target trigger. Unlike pull_request, that trigger runs the workflow in the context of the base repository, with a GITHUB_TOKEN that can carry write permissions and with access to repository secrets, even when the pull request comes from a fork; any pull-request-controlled value that the workflow passes unsanitized to a shell command therefore executes with those privileges. The CVE carries a CVSS 3.1 score of 9.3, reflecting a network attack vector, low attack complexity, and impacts on confidentiality and integrity within the CI environment.
Any GitHub user, with no prior access to or role in the repository, can trigger the issue simply by opening a pull request. Successful exploitation allows arbitrary command execution on the workflow runner and exfiltration of the GITHUB_TOKEN, without the pull request being approved, reviewed, or merged.
The project security advisory GHSA-v6wr-ccr4-x8g9 states that the flaw is resolved in release 0.16.1. The associated EPSS score remains low and unchanged at 0.0138 with no observed upward trajectory after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-32638
Vulnerability details
Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pull_request_target trigger. Any GitHub user can execute arbitrary commands on the CI runner and exfiltrate the GITHUB_TOKEN by opening a pull request. No approval, review, or merge is required. This vulnerability is fixed in 0.16.1.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Exploit Public-Facing Application (T1190): the pull_request_target workflow is reachable by any GitHub user who opens a pull request, and pull-request-controlled input is executed as shell commands (CWE-78) on the project's CI runner. The workflow itself is the public-facing application being exploited, and the outcome is arbitrary command execution on that runner.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly blocks the command injection by requiring that untrusted pull-request data be validated or sanitized before it is used in shell commands within the workflow. In practice this means handing such values to the step through env and quoting them in the script, rather than interpolating ${{ }} expressions into the run block where the shell parses them as code.
- AC-6 (Least Privilege): enforces least-privilege scoping of the GITHUB_TOKEN, for example a read-only permissions block on the workflow, so that even a successful injection cannot exfiltrate a high-value credential or perform unauthorized repository actions.
- Restricting the workflow to the minimal set of triggers, actions, and shell features it needs eliminates the dangerous combination of pull_request_target with unchecked input; where the job does not need write access or secrets, the plain pull_request trigger removes the privileged context altogether.
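The following scanner is an added illustration for the vulnerability description and the controls above; it is not code from the Sherlock project, and the two workflows embedded in it are constructed samples rather than the real validate_modified_targets.yml (the validate.py script, the changed step and the targets they refer to are hypothetical). It goes beyond this one CVE by covering the general class of attacker-controlled expression contexts GitHub documents for pull requests: it flags pull_request_target workflows that splice such contexts into a run script, that check out the pull request head with the privileged token, or that set no permissions block, and it reports nothing for the hardened shape that passes the same data through env with a read-only token.

```python
"""Heuristic scanner for the pull_request_target + expression-injection pattern.
Added illustration only: the embedded workflows are constructed samples, not the
Sherlock project's validate_modified_targets.yml. Standard library only (regex, no
YAML parser); actionlint or zizmor give fuller coverage in a real audit."""
import re

# Expression contexts GitHub documents as attacker-controlled for a pull request,
# plus step outputs, which often carry PR-derived data such as changed file names.
UNTRUSTED_RE = re.compile("|".join([
    r"github\.head_ref",
    r"github\.event\.pull_request\.(?:title|body)",
    r"github\.event\.pull_request\.head\.(?:ref|label|repo\.default_branch)",
    r"github\.event\.(?:issue|comment|review)\.(?:title|body)",
    r"github\.event\.(?:head_commit|commits\[[^\]]*\])\.message",
    r"steps\.[\w-]+\.outputs\.[\w-]+",
]))
EXPR_RE = re.compile(r"\$\{\{(.*?)\}\}", re.S)
RUN_RE = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")
TRIGGER_RE = re.compile(r"^(?:\s*(?:-\s*)?pull_request_target\b|on:.*\bpull_request_target\b)", re.M)
HEAD_CHECKOUT_RE = re.compile(r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(?:sha|ref)\b")

def extract_run_blocks(text):
    """Yield (1-based line of the first script line, script) for every `run:` step."""
    lines, i = text.splitlines(), 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        base_indent, rest = len(m.group(1)), m.group(2).strip()
        if not rest.startswith(("|", ">")):      # inline scalar on the same line
            yield i + 1, rest
            i += 1
            continue
        first, body, i = i + 2, [], i + 1        # block scalar: deeper-indented lines
        while i < len(lines) and (not lines[i].strip()
                                  or len(lines[i]) - len(lines[i].lstrip()) > base_indent):
            body.append(lines[i])
            i += 1
        yield first, "\n".join(body)

def scan_workflow(text):
    """Findings for one workflow; [] unless it uses the privileged trigger (a plain
    pull_request run from a fork gets a read-only GITHUB_TOKEN and no secrets)."""
    if not TRIGGER_RE.search(text):
        return []
    findings = []
    if not re.search(r"^\s*permissions:", text, re.M):
        findings.append({"kind": "token-scope", "line": 0,
                         "detail": "no permissions: block; GITHUB_TOKEN may be write-scoped"})
    for n, line in enumerate(text.splitlines(), 1):
        if HEAD_CHECKOUT_RE.search(line):      # untrusted code run with the privileged token
            findings.append({"kind": "untrusted-checkout", "line": n, "detail": line.strip()})
    for first, script in extract_run_blocks(text):
        for m in EXPR_RE.finditer(script):     # ${{ }} is expanded before the shell parses
            expr = m.group(1).strip()
            if UNTRUSTED_RE.search(expr):
                findings.append({"kind": "expression-injection",
                                 "line": first + script[:m.start()].count("\n"),
                                 "detail": "${{ " + expr + " }} spliced into shell"})
    return findings

# Constructed sample: privileged trigger, PR head checked out, PR data inside `run:`.
VULNERABLE_WORKFLOW = """\
on:
  pull_request_target:
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - id: changed
        run: echo "files=$(git diff --name-only HEAD~1)" >> "$GITHUB_OUTPUT"
      - run: |
          echo "PR title: ${{ github.event.pull_request.title }}"
          for f in ${{ steps.changed.outputs.files }}; do python validate.py "$f"; done
"""

# Constructed hardened shape: read-only token, base branch only, PR data via env.
HARDENED_WORKFLOW = """\
on:
  pull_request_target:
permissions:
  contents: read
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          HEAD_REF: ${{ github.head_ref }}
        run: |
          echo "PR title: $PR_TITLE"
          python validate.py --branch "$HEAD_REF"
"""

if __name__ == "__main__":
    print(scan_workflow(VULNERABLE_WORKFLOW), scan_workflow(HARDENED_WORKFLOW))
```

On the vulnerable sample the scanner reports the missing permissions block, the checkout of the pull request head, and the two expressions spliced into the shell script (the PR title and the changed-file list carried through a step output); on the hardened sample it reports nothing, because the same values reach the shell as environment variables that the script quotes rather than as text the runner substitutes before the shell parses it. The scanner deliberately ignores workflows on the plain pull_request trigger: when a job must run or inspect code from the pull request head, switching to that trigger is usually the right fix, since keeping pull_request_target is only safe when nothing from the head is executed.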