CVE-2026-40316 | OWASP-BLT up to 2.1 regenerate-migrations.yml pull_request_target code injection (GHSA-wxm3-64fx-cmx9)
A vulnerability described as critical has been identified in OWASP-BLT BLT up to 2.1. It affects the pull_request_target trigger of the workflow file github/workflows/regenerate-migrations.yml. Manipulating it leads to code injection.
This vulnerability is tracked as CVE-2026-40316. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is recommended.