HIGH
lingdojo
CVE published 2026-06-11
CVE-2026-48546
CVE-2026-48546 is a high-severity vulnerability in KanaDojo, a linguistic tool, which allows attackers to execute arbitrary code. The vulnerability exists due to the explicit passing of the global require function into a Node.js vm.runInNewContext() sandbox context in the issue-auto-respond.yml workflow. This enables attackers to submit a pull request modifying messages.cjs to import arbitrary Node.js mod [truncated]