CVE-2026-12567

Description

The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a symlink at the predictable output path, causing workflow data to be written to an attacker-chosen location.

References

• https://github.com/blacklanternsecurity/bbot/commit/16d9c42b6