CNNVD-202601-4436 Information

CNNVD ID

CNNVD-202601-4436

CVE-2026-24480

  • CNNVD Published: 2026-01-27

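Description (translated from Chinese)

QGIS is an open-source geographic information system from QGIS. QGIS has a security vulnerability that stems from a GitHub Actions workflow using the pull_request_target trigger and executing untrusted pull request code in a privileged environment, which may lead to remote code execution and leakage of the repository.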

Description (English)

QGIS is an open-source geographic information system (GIS) from QGIS. QGIS has a security vulnerability that stems from a GitHub Actions workflow using the pull_request_target trigger and executing untrusted pull request code in a privileged environment, which could lead to remote code execution and leakage from the repository.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

QGIS

Published

2026-01-27

Last Modified

2026-02-24

References

  • https://github.com/qgis/QGIS/commit/76a693cd91650f9b4e83edac525e5e4f90d954e9
  • https://github.com/qgis/QGIS/security/advisories/GHSA-7h99-4f97-h6rw
  • https://access.redhat.com/security/cve/cve-2026-24480

Patch

https://qgis.org/download/
