Shell Command Injection Flaw in MaaAssistantArknights Tool
CVE-2026-55576

8.8HIGH

Key Information:

Vendor
CVE Published:
15 July 2026

What is CVE-2026-55576?

The MaaAssistantArknights tool contains a vulnerability that allows an attacker to exploit the pull request title field in GitHub events. When a pull request is opened or edited with a title starting with 'Release v', it could potentially inject and execute shell commands during the change log generation process on the ubuntu-latest runner. This security flaw has been addressed in the latest updates, ensuring that untrusted input is properly sanitized to prevent unauthorized command execution.

Affected Version(s)

MaaAssistantArknights < cafc3946059e6337d2089d4fec8b6885ba17c332

References

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.