Arbitrary Code Execution Vulnerability in Eigent CI Workflow
CVE-2026-22869

8.9 HIGH

Key Information:

Vendor

Eigent-ai

Status
Vendor
CVE Published:
13 January 2026

What is CVE-2026-22869?

A significant security flaw exists in the CI workflow of Eigent, enabling arbitrary code execution through untrusted pull requests. This vulnerability arises from the use of the pull_request_target trigger alongside the checkout of potentially harmful code from unverified sources. Attackers could exploit this weakness to gain unauthorized access, steal sensitive information, manipulate repository contents, or perform unauthorized actions such as posting comments or creating releases. It is crucial for users of Eigent Workforce to review their CI configurations and implement necessary security measures to mitigate these risks.
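One way to review a workflow file for the pattern described above. This is an added example, not code from the advisory or from Eigent. The two workflows are constructed samples, the function names are hypothetical, and the check is a line-based heuristic rather than a full YAML parse.

```python
import re

# Constructed sample workflows (assumptions; not Eigent's actual CI file).
RISKY = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
"""
SAFE = """\
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""
# Expressions that resolve to content controlled by the pull request author.
PR_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref|refs/pull/")
CHECKOUT = re.compile(r"uses:\s*actions/checkout@")

def indent(line):
    return len(line) - len(line.lstrip())

def find_risky_checkouts(text):
    """Return 1-based line numbers of checkout steps that fetch PR head code
    in a workflow triggered by pull_request_target."""
    lines = [l.split("#", 1)[0].rstrip() for l in text.splitlines()]  # drop comments
    if not any(re.search(r"\bpull_request_target\b", l) for l in lines):
        return []
    findings = []
    for i, line in enumerate(lines):
        if not CHECKOUT.search(line):
            continue
        for follow in lines[i + 1:]:  # scan only the remainder of this step
            if follow.strip().startswith("- ") or (follow.strip() and indent(follow) < indent(line)):
                break
            if "ref:" in follow and PR_REF.search(follow):
                findings.append(i + 1)
                break
    return findings
```

A flagged step runs in the base repository's context, so any later step that builds or tests the checked-out tree executes the pull request's code there.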

Affected Version(s)

eigent < bf02500bbbab0f01cd0ed8e6dc21fe5683d6bfb5

References

CVSS V4

Score: 8.9
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
