{"id":8557,"date":"2026-06-22T23:49:10","date_gmt":"2026-06-22T23:49:10","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8557"},"modified":"2026-06-22T23:49:10","modified_gmt":"2026-06-22T23:49:10","slug":"github-actions-hardens-checkout-security-to-block-pwn-request-attacks","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8557","title":{"rendered":"GitHub Actions hardens checkout security to block \u2018pwn request\u2019 attacks"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Stung by a surge in cyberattacks that have run amok in developer environments, GitHub has strengthened the security of <em>actions\/checkout<\/em> to block <a href=\"https:\/\/www.endorlabs.com\/learn\/pwn-request-threat-a-hidden-danger-in-github-actions\" target=\"_blank\" rel=\"noopener\">\u2018pwn request\u2019<\/a> attacks that exploit insecure use of the <em>pull_request_target<\/em> workflow trigger to run an attacker\u2019s code with the workflow\u2019s full privileges.<\/p>\n<p>Announced on June 18, <em>actions\/checkout<\/em> v7 now automatically blocks and fails workflows when used inside <em>pull_request_target<\/em> or <em>workflow_run<\/em> events when attempting to fetch unreviewed fork pull request code.<\/p>\n<p>From now on, the only way around these checks will be for developers to implement an opt-out by adding an explicit <em>allow-unsafe-pr-checkout<\/em> to <em>actions\/checkout<\/em>, <a href=\"https:\/\/github.blog\/changelog\/2026-06-18-safer-pull_request_target-defaults-for-github-actions-checkout\/\" target=\"_blank\" rel=\"noopener\">GitHub said<\/a> in its v7 changelog.<\/p>\n<p>The change signals the beginning of a new \u2018secure by default\u2019 era in which security will be defined by the GitHub system rather than being left to the discretion of developers. As part of that effort, on July 16, the new defaults will be backported to all supported major versions.<\/p>\n<p>\u201cWorkflows pinned to a floating major tag (e.g., actions\/checkout@v4) will automatically pick up the change. Workflows pinned to a specific SHA, minor, or patch version aren\u2019t affected by the backport and will need to upgrade using Dependabot or through established upgrade processes,\u201d GitHub explained.<\/p>\n<p>However, because pwn request attacks can happen in other ways, \u201cfurther hardening of additional events may be explored in future releases,\u201d the changelog added.<\/p>\n<h2 class=\"wp-block-heading\">Blind spot<\/h2>\n<p>If there\u2019s a criticism that can be levelled at GitHub over this, it\u2019s that it has taken so long to address a weakness that\u2019s been known about for years.<\/p>\n<p>The issue is with GitHub Actions, which runs workflows in response to event triggers, including <em>pull_request<\/em>, which processes third-party forks without giving access to secrets such as API keys, service tokens, and credentials. The downside is that this restriction prevents some automations from working, which is why developers turn to an alternative trigger, <em>pull_request_target<\/em>, which grants the required access.<\/p>\n<p>At some point, attackers realized that where <em>pull_request_target<\/em> was configured carelessly with <em>actions\/checkout<\/em> to pull in untrusted fork code, it offered a back door into repositories and their secrets.<\/p>\n<p>In other words, the weakness in <em>pull_request_target<\/em> isn\u2019t the trigger itself, which is legitimate and secure when correctly used, but in its incorrect use. 
As GitHub\u2019s changelog puts it: \u201cChecking out the head of an unreviewed pull request from a fork inside one of these workflows typically lets attacker-controlled code execute with the workflow\u2019s full privileges.\u201d<\/p>\n<p>The arrival of <em>actions\/checkout<\/em> v7, however, should make this harder, automatically blocking risky workflows regardless of their configuration.<\/p>\n<p>Unfortunately, a lot of damage has already been done. Open source repositories have recently come under sustained attacks from the TeamPCP hacking group, using a variety of techniques, including pwn requests.<\/p>\n<p>A notable example was its attack last month, which compromised 170 node package manager (npm) packages, including the <a href=\"https:\/\/www.infoworld.com\/article\/4170293\/mistral-ai-sdk-tanstack-router-hit-in-npm-software-supply-chain-attack-2.html\" target=\"_blank\" rel=\"noopener\">TanStack Router ecosystem<\/a>, thanks to a pwn request exploit. Embarrassingly, in a separate incident not involving a pwn request, <a href=\"https:\/\/www.infoworld.com\/article\/4174734\/github-admits-major-source-code-leak-after-3800-internal-repositories-breached.html\" target=\"_blank\" rel=\"noopener\">GitHub itself was breached<\/a> and the attackers exfiltrated source code from around 3,800 of the company\u2019s internal repositories.<\/p>\n<p>Better late than never, GitHub has sprung into action, plotting a series of security reforms on the platform, including, earlier this month, <a href=\"https:\/\/www.infoworld.com\/article\/4183849\/github-finally-pulls-the-plug-on-automatic-install-script-execution-for-npm.html\" target=\"_blank\" rel=\"noopener\">limiting automatic install script execution in npm<\/a>.<\/p>\n<p><em>This article originally appeared on <a href=\"https:\/\/www.infoworld.com\/article\/4188038\/github-actions-hardens-checkout-security-to-block-pwn-request-attacks.html\" target=\"_blank\" rel=\"noopener\">InfoWorld<\/a>.<\/em><\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Stung by a surge in cyberattacks that have run amok in developer environments, GitHub has strengthened the security of actions\/checkout to block \u2018pwn request\u2019 attacks that exploit insecure use of the pull_request_target workflow trigger to run an attacker\u2019s code with the workflow\u2019s full privileges. Announced on June 18, actions\/checkout v7 now automatically blocks and fails [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":8558,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8557","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8557"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8557"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8557\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8558"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8557"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8557"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8557"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}