CVE-2026-58370

Woodpecker · Woodpecker CI

A vulnerability exists in Woodpecker CI versions prior to 3 that may expose the system to unauthorized access or operational disruption.

Executive summary

Woodpecker CI versions prior to 3 are susceptible to a high-severity vulnerability that could allow attackers to compromise the integrity and availability of the CI/CD pipeline.

Vulnerability

The vulnerability affects Woodpecker CI instances prior to version 3. Due to the lack of specific technical disclosure, the authentication requirements remain unconfirmed; however, users should assume a potential for unauthorized remote interaction.

Business impact

A successful exploit of this vulnerability could lead to significant operational disruption, unauthorized code execution within the CI/CD pipeline, and potential exposure of sensitive build secrets. With a CVSS score of 8.1, this represents a high risk to organizational security posture, necessitating immediate attention to prevent unauthorized system access.

Remediation

Immediate Action: Upgrade all instances of Woodpecker CI to version 3 or the latest available stable release provided by the vendor.

Proactive Monitoring: Review CI/CD pipeline logs for anomalous job executions, unauthorized configuration changes, or unexpected system access requests.

Compensating Controls: Implement strict network segmentation and restrict access to the Woodpecker interface via VPN or IP allowlisting until the update is applied.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity of this vulnerability, administrators should prioritize the remediation process immediately. Applying the vendor-supplied update is the only definitive way to mitigate this risk; failure to do so may leave your CI/CD environment exposed to malicious activity.