Postiz CVE-2026-42298 — "Pwn Request" RCE in AI Social Media Scheduler via GitHub Actions
AI relevance: Postiz is an AI-powered social media scheduling platform — compromise of its build pipeline means the CI/CD infrastructure behind an actively deployed AI service is one forked PR away from full repository takeover, including any AI API keys and model credentials in the build environment.
- CVE-2026-42298 (CVSS 10.0 Critical) affects Postiz, an AI social media scheduling tool. Published May 8, 2026.
- The "Pwn Request" vulnerability lives in `.github/workflows/pr-docker-build.yml` — the Build and Publish PR Docker Image workflow.
- Any unauthenticated attacker can fork the Postiz repo, modify `Dockerfile.dev` with malicious commands, and open a pull request.
- When the PR workflow triggers, the malicious Dockerfile executes during image build, granting full code execution in the GitHub Actions runner context.
- The runner environment exposes a `GITHUB_TOKEN` with `write-all` permissions, which can be exfiltrated for complete repository control.
- The issue affects all versions prior to commit `da44801`.
Why it matters
This is a textbook "Pwn Request" — a class of vulnerability where fork-based pull requests trigger workflows with overly privileged tokens. For AI platforms like Postiz, a compromised CI pipeline means attackers can inject malicious code into the shipped product, steal AI service credentials, or pivot into connected social media accounts. The CVSS 10.0 score reflects the zero-authentication, no-user-interaction exploitation path.
What to do
- Postiz users and self-hosters should verify their fork includes commit `da44801` or later.
- Any GitHub project with PR-triggered workflows should restrict `pull_request_target` triggers to require approval for fork-based PRs, and scope tokens to minimum required permissions.
- Rotate any `GITHUB_TOKEN` or other secrets that may have been exposed in affected workflow runs.
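To make the "Pwn Request" pattern from the "Why it matters" section and the workflow fix from the list above concrete, here is an added, illustrative pair of workflows. This is not the actual Postiz `pr-docker-build.yml` and not code from the Postiz project; the workflow names, the `example-org/app` image tag and the `v4`/`v5` action pins are assumptions. The first document shows the risky shape (a privileged trigger building an untrusted fork commit with a `write-all` token); the second shows the least-privilege form in which fork code builds with a read-only token and nothing is published from the PR run.

```yaml
# WEAK (illustrative reconstruction of the vulnerable pattern, not the real Postiz file):
# a privileged trigger builds untrusted fork code while holding a write-all token.
name: Build and Publish PR Docker Image (weak)
on:
  pull_request_target:        # runs in the BASE repo's context: repo secrets + privileged token
    types: [opened, synchronize]
permissions: write-all        # every GITHUB_TOKEN scope is handed to the job
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # checks out the untrusted fork commit
      - uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile.dev    # contributor-controlled; its RUN steps execute on this runner
          push: true              # a write-capable token is in the environment during that build
          tags: ghcr.io/example-org/app:pr-${{ github.event.number }}   # assumed image name
---
# HARDENED (added example): untrusted PR code builds with a read-only token and no publish step.
name: Build PR Docker Image (hardened)
on:
  pull_request:               # for fork PRs GitHub issues a read-only GITHUB_TOKEN and withholds repo secrets
    types: [opened, synchronize]
permissions:
  contents: read              # explicit least privilege; no write scope exists to exfiltrate
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # default ref is the PR merge commit; no head.sha override needed
      - uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile.dev
          push: false           # build-only check; publishing belongs in a separate workflow
                                # that runs on push to the default branch, after review and merge
```

The key move is separating "build and test untrusted code" from "publish with credentials": the PR-triggered job never holds a write token, so even a Dockerfile that runs arbitrary commands on the runner gains nothing beyond the runner itself. In the repository settings, Actions > Fork pull request workflows, "Require approval for all outside collaborators" adds the manual gate the list above recommends, and `permissions:` should be declared explicitly in every workflow so the default token is never broader than the job needs.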