Command Injection Vulnerability in wenxian by njzjz
CVE-2026-34243

9.8CRITICAL

Key Information:

Vendor: Njzjz
Status: Wenxian
Vendor: CVE Published:; 31 March 2026

What is CVE-2026-34243?

wenxian, a tool designed for generating BIBTEX files from various identifiers, is affected by a command injection flaw. In versions 0.3.1 and earlier, it incorporates untrusted user input directly into a shell command through its GitHub Actions workflow. This compromise enables attackers to execute arbitrary code on the runner environment. As of now, no patches are publicly available to mitigate this vulnerability.

Affected Version(s)

wenxian <= 0.3.1

References

https://github.com/njzjz/wenxian/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34243 Data

JSON

Njzjz

What is CVE-2026-34243?

Affected Version(s)

References

CVSS V3.1

Timeline