Shell Command Injection Flaw in MaaAssistantArknights Tool
CVE-2026-55576
8.8HIGH
What is CVE-2026-55576?
The MaaAssistantArknights tool contains a vulnerability that allows an attacker to exploit the pull request title field in GitHub events. When a pull request is opened or edited with a title starting with 'Release v', it could potentially inject and execute shell commands during the change log generation process on the ubuntu-latest runner. This security flaw has been addressed in the latest updates, ensuring that untrusted input is properly sanitized to prevent unauthorized command execution.
Affected Version(s)
MaaAssistantArknights < cafc3946059e6337d2089d4fec8b6885ba17c332
