CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context of the base repository, including a write-privileged `GITHUB_TOKEN` and numerous sensitive secrets (API keys, database/vector store tokens, and a Google Cloud service account key). Version 1.37.1 contains a fix.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.9%

CVSS Severity

CVSS v3 Score 9.9

References

Products affected by CVE-2026-27941

Openlit » Openlit Software Development Kit » Version: 1.36.2

cpe:2.3:a:openlit:openlit_software_development_kit:1.36.2
Openlit » Openlit Software Development Kit » Version: 1.36.3

cpe:2.3:a:openlit:openlit_software_development_kit:1.36.3
Openlit » Openlit Software Development Kit » Version: 1.36.6

cpe:2.3:a:openlit:openlit_software_development_kit:1.36.6
Openlit » Openlit Software Development Kit » Version: 1.36.7

cpe:2.3:a:openlit:openlit_software_development_kit:1.36.7
Openlit » Openlit Software Development Kit » Version: 1.36.8

cpe:2.3:a:openlit:openlit_software_development_kit:1.36.8
Openlit » Openlit Software Development Kit » Version: 1.36.9

cpe:2.3:a:openlit:openlit_software_development_kit:1.36.9
Openlit » Openlit Software Development Kit » Version: 1.37.0

cpe:2.3:a:openlit:openlit_software_development_kit:1.37.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-27941

Products

Pricing

Contact Us