Severity:
HIGH RISK
(8.8)
Code Injection via Untrusted Pull Request Workflow (CWE-94) in OWASP BLT GitHub Actions
CVE-2026-40316
Published:
Apr 15, 2026
Status:
Awaiting Analysis
Summary
Affected Context
Exploit Preconditions
Why This Happens
Potential Impact
General Mitigation Guidance
How Teams Detect Issues Like This
Frequently Asked Questions
Source
NDV
Recent Vulnerabilities
CWE-74;CWE-89
(7.3)
SQL Injection via Unsanitized ID Parameter (CWE-89) in Pharmacy Sales and Inventory System /ajax.php
Database Compromise and Data Integrity Loss
April 27, 2026
CWE-863
(8.5)
Incorrect Authorization (CWE-863) in OpenClaw chat.send Session Management
Privilege Escalation and Unauthorized Session Control
April 27, 2026
