QwikSec

Security Database

CVE

CWE

Training

CVE-2026-39866

Published: Apr 21, 2026

Modified: Apr 25, 2026

PUBLISHED

Description

Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue.

Vendor	Product	Versions
LawnchairLauncher	lawnchair	affected `< fcba413f55dd47f8a3921445252849126c6266b2`

Weaknesses (CWE)

References

https://github.com/LawnchairLauncher/lawnchair/security/advisories/GHSA-9prc-pp2c-3427

x_refsource_CONFIRM

https://github.com/LawnchairLauncher/lawnchair/commit/fcba413f55dd47f8a3921445252849126c6266b2

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.