CVE-2026-22869
Published: Jan 13, 2026
Modified: Jan 14, 2026
PUBLISHED
Description
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI workflow (.github/workflows/ci.yml) allows arbitrary code execution from fork pull requests with repository write permissions. The vulnerable workflow uses the pull_request_target trigger combined with a checkout of untrusted PR code. An attacker can exploit this to steal credentials, post comments, push code, or create releases.
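A defensive audit for the pattern described above, as an added example that is not code from the Eigent project or its advisory: a heuristic, line-based scan that reports checkout steps selecting pull request head code in a pull_request_target workflow. The function name, the regexes and the sample workflow are constructed for illustration; the sample is not the project's ci.yml.

```python
import re

# Heuristic line-based audit (no YAML parser): flag a workflow that is triggered
# by pull_request_target AND has an actions/checkout step whose ref/repository
# points at the pull request head, i.e. fork-controlled code.
TRIGGER = re.compile(r"^\s*(?:on\s*:.*\bpull_request_target\b|-?\s*pull_request_target\s*:?\s*$)")
STEP_START = re.compile(r"^\s*-\s")
CHECKOUT = re.compile(r"\buses\s*:\s*actions/checkout@")
HEAD_REF = re.compile(r"^\s*(?:ref|repository)\s*:.*"
                      r"(?:github\.event\.pull_request\.head\.|github\.head_ref|refs/pull/)")

def find_risky_checkouts(workflow_text):
    """Return 1-based line numbers of checkout inputs that select PR head code
    in a pull_request_target workflow; an empty list means nothing was flagged."""
    lines = [re.sub(r"(^|\s)#.*", "", l) for l in workflow_text.splitlines()]
    if not any(TRIGGER.match(l) for l in lines):
        return []
    hits, step_hits, is_checkout = [], [], False
    for n, line in enumerate(lines + ["- "], start=1):  # sentinel flushes last step
        if STEP_START.match(line):
            if is_checkout:
                hits += step_hits
            step_hits, is_checkout = [], False
        if CHECKOUT.search(line):
            is_checkout = True
        if HEAD_REF.match(line):
            step_hits.append(n)
    return hits

# Constructed sample, not the project's actual ci.yml.
RISKY = """\
name: CI
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm test
"""
# Same jobs under pull_request (read-only token, no secrets for forks): not flagged.
UNPRIVILEGED = RISKY.replace("pull_request_target", "pull_request")

if __name__ == "__main__":
    print(find_risky_checkouts(RISKY), find_risky_checkouts(UNPRIVILEGED))
```

A flagged line is a prompt for manual review of the job's permissions and secrets, since the scan is textual and does not resolve reusable workflows or composite actions.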
| Vendor | Product | Versions |
|---|---|---|
| eigent-ai | eigent | affected < bf02500bbbab0f01cd0ed8e6dc21fe5683d6bfb5 |
Weaknesses (CWE)
References
https://github.com/eigent-ai/eigent/security/advisories/GHSA-gvh4-93cq-5xxp
x_refsource_CONFIRM
https://github.com/eigent-ai/eigent/pull/836
x_refsource_MISC
https://github.com/eigent-ai/eigent/pull/837
x_refsource_MISC