Critical (10.0)

Postiz unauthenticated RCE via PR build (CVE-2026-42298)

CVE-2026-42298: Postiz Docker build CI leaks GITHUB_TOKEN, giving unauthenticated RCE (CVSS 10.0). Patched in commit da44801; update immediately.

Patch now - CVE-2026-42298 is a critical supply chain vulnerability in Postiz (versions prior to commit da44801) that lets any unauthenticated attacker execute arbitrary code during the Docker build process and steal a write-all GITHUB_TOKEN. A malicious pull request from a fork weaponizing Dockerfile.dev is all that’s required to compromise the CI pipeline.

Overview

CVE-2026-42298 is a “Pwn Request” class vulnerability in Postiz’s Build and Publish Pull Request Docker workflow. A Pwn Request is a GitHub Actions workflow triggered by pull_request_target, which runs with the base repository’s secrets and GITHUB_TOKEN, yet checks out and executes content from the untrusted pull request head. The workflow .github/workflows/pr-docker-build.yml does not restrict the Docker build context to trusted content, so an unauthenticated attacker can open a pull request from a fork carrying a tampered Dockerfile.dev. RUN instructions execute on the runner as part of image construction, so the attacker’s commands run inside the CI job and can exfiltrate the GITHUB_TOKEN, which the workflow granted write-all permissions on the Postiz repository. With that token, an attacker could push commits, tamper with releases, or compromise downstream users.

The vulnerability is scored CVSS 10.0 (CRITICAL) with a network attack vector, no privileges required, and no user interaction needed. The CI environment processes pull requests automatically upon submission, meaning exploitation is fully automated and unattended.

Impact

Successful exploitation allows an unauthenticated attacker to:

  • Execute arbitrary shell commands inside the Docker build environment
  • Exfiltrate the GITHUB_TOKEN, which grants write access to the entire repository
  • Push malicious commits, alter release artifacts, or inject backdoors into the product
  • Potentially pivot to other repositories or secrets accessible via the compromised token

The severity is magnified by what Postiz is: an AI-powered social media scheduling tool that connects to multiple social media platforms on its users’ behalf and therefore stores their OAuth tokens and API keys. A backdoored build shipped to self-hosters could harvest those credentials, access keys, and private scheduling data.

Remediation

The vulnerability is fixed in commit da44801. The fix is to the workflow itself, so forks that carry pr-docker-build.yml should merge it, and self-hosters should make sure they run code and images built from this commit or later.

Actions to take:

  1. Update the pr-docker-build.yml workflow file to the patched version, which restricts the Docker build context and applies least-privilege token permissions.
  2. Do not expect to rotate the GITHUB_TOKEN itself: Actions mints it per job and it expires when the job ends, so the exposure window is the run in which it leaked. Rotate every other secret the workflow could read (registry credentials, API keys), and audit commit, tag and release history for writes made by an Actions token during that window.
  3. Review workflow run logs for pull request builds from forks, looking for modified Dockerfile.dev files and RUN steps whose output you cannot account for.
  4. For organization administrators, audit any pull requests from external forks submitted in the period before the patch was applied.

Security Insight

CVE-2026-42298 is a textbook example of the growing “Pwn Request” attack surface in open-source CI pipelines. Like the GlassWorm campaign, which abused stolen GitHub credentials to spread malware through source repositories, this vulnerability exploits trust in automated build processes. The root cause is a privileged trigger combined with untrusted input: pull_request_target exists so maintainers can act on a pull request with secrets available, and it is only safe when the job never executes code from the pull request head. Exposing a write-all GITHUB_TOKEN in that job shows a fundamental failure to follow the principle of least privilege in CI configuration, a mistake that continues to plague even modern AI-focused toolchains. Organizations should audit their own GitHub Actions workflows to ensure tokens are scoped to the minimum permissions required (an explicit permissions block, contents: read for build-only jobs), that fork pull requests are built under plain pull_request, and that build contexts are not modifiable by arbitrary pull request authors.
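The audit advised above, together with the least-privilege configuration named in remediation step 1, as an added example (Python, not Postiz’s code and not the project’s actual workflow): the script scans workflow text for the Pwn Request combination, and its two embedded workflows are constructed samples that place the weak configuration beside a hardened one. Rule names, severities and the sample file contents are this example’s own assumptions.

```python
"""Heuristic auditor for the 'Pwn Request' pattern in GitHub Actions workflows.

Added example, not Postiz's code. It flags the combination behind
CVE-2026-42298: a pull_request_target trigger that checks out the PR head
and runs a docker build while holding a broadly scoped GITHUB_TOKEN.
Text-based on purpose (no YAML library needed); hits are leads for a
human reviewer, not proof of exploitability.
"""
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    detail: str


# Workflow expressions that resolve to the untrusted pull request head.
PR_HEAD_REFS = (
    "github.event.pull_request.head.sha",
    "github.event.pull_request.head.ref",
    "github.head_ref",
)


def uses_privileged_trigger(text: str) -> bool:
    """pull_request_target runs in the base repository with its secrets and a
    privileged GITHUB_TOKEN; a plain pull_request from a fork gets neither."""
    return re.search(r"\bpull_request_target\b", text) is not None


def checks_out_pr_head(text: str) -> bool:
    """actions/checkout with ref: pointing at the PR head pulls the fork's
    files (Dockerfile.dev, scripts) into the privileged job."""
    return "actions/checkout" in text and any(r in text for r in PR_HEAD_REFS)


def token_permissions(text: str) -> str:
    """'write-all', 'scoped' (explicit permissions block) or 'default' (none)."""
    scalars = re.findall(r"^[ \t]*permissions:[ \t]*([^\s#]+)?[ \t]*(?:#.*)?$", text, re.M)
    if not scalars:
        return "default"
    return "write-all" if "write-all" in scalars else "scoped"


def builds_docker_image(text: str) -> bool:
    """RUN instructions execute during docker build, so building untrusted
    files is code execution on the runner."""
    return re.search(r"docker(/build-push-action|\s+(buildx\s+)?build\b)", text) is not None


def audit_workflow(text: str) -> List[Finding]:
    """Return findings for one workflow file, most severe first."""
    findings: List[Finding] = []
    privileged = uses_privileged_trigger(text)
    if privileged and checks_out_pr_head(text):
        findings.append(Finding("PWN_REQUEST", "critical",
            "pull_request_target job checks out the PR head: fork content runs with base-repo secrets"))
        if builds_docker_image(text):
            findings.append(Finding("UNTRUSTED_DOCKERFILE", "critical",
                "docker build executes RUN steps taken from the attacker-controlled checkout"))
    elif privileged:
        findings.append(Finding("PRIVILEGED_TRIGGER", "medium",
            "pull_request_target without a PR-head checkout: review every step that touches PR data"))
    perms = token_permissions(text)
    if perms == "write-all":
        findings.append(Finding("WRITE_ALL_TOKEN", "high" if privileged else "low",
            "permissions: write-all; a leaked token can push commits and alter releases"))
    elif perms == "default":
        findings.append(Finding("NO_PERMISSIONS_BLOCK", "low",
            "no permissions: block; token scope falls back to the repository default"))
    return findings


# Constructed sample workflows for illustration; neither is the real Postiz file.
VULNERABLE = """\
name: PR docker build (constructed, vulnerable)
on:
  pull_request_target:          # privileged: base-repo secrets and token
    types: [opened, synchronize]
permissions: write-all          # token can push to the repository
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # the fork's files
      - run: docker build -f Dockerfile.dev -t pr-test .   # the fork's RUN steps
"""

HARDENED = """\
name: PR docker build (constructed, hardened)
on:
  pull_request:                 # fork PRs get no secrets and a read-only token
permissions:
  contents: read                # least privilege even for same-repo PRs
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4                          # default ref: merge commit
      - run: docker build -f Dockerfile.dev -t pr-test .   # build only, never push
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, [f.rule for f in audit_workflow(wf)] or ["clean"])
```

The hardened sample keeps the build but moves it under pull_request, where a fork’s job receives no repository secrets and a read-only token, so a hostile Dockerfile.dev can at most waste runner minutes. If an image must be published for a pull request, do that in a separate job that runs only after a maintainer gate, never in the job that builds untrusted files. The checks are text heuristics: a pull_request_target mentioned only in a comment or an expression will still trigger them, which is the right failure direction for an audit but means each hit needs a human look.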
