{"vulnerability": "cve-2026-12567", "sightings": [{"uuid": "049982c1-aedd-4d2a-ad5b-e9ec2203d828", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12567", "type": "seen", "source": "https://gist.github.com/alon710/ab95b5b68cf65f68ecfb103546b48b28", "content": "# CVE-2026-12567: CVE-2026-12567: Symlink Following Vulnerability in BBOT github_workflows Module\n\n> **CVSS Score:** 2.2\n> **Published:** 2026-06-18\n> **Full Report:** https://cvereports.com/reports/CVE-2026-12567\n\n## Summary\nThe github_workflows module in BBOT (Black Lantern Security OSINT framework) versions 2.0.0 through 2.8.4 constructs local directory paths from user-controlled repository and owner names without validating for symbolic links. A local attacker sharing the scan directory can pre-plant a symlink at the predictable output path, forcing BBOT to write downloaded workflow artifacts or run logs to an arbitrary location on the filesystem.\n\n## TL;DR\nA local symlink-following vulnerability in BBOT's github_workflows module allows an attacker sharing the scan directory to overwrite arbitrary local files when a victim scans a targeted repository.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-59\n- **Attack Vector**: Local\n- **CVSS v3.1 Score**: 2.2\n- **EPSS Score**: 0.0009 (Percentile: 0.60%)\n- **Impact**: Low Integrity Impact (Unsanitized local file write)\n- **Exploit Status**: Proof of Concept (PoC) available in official test suite\n- **KEV Status**: Not listed in CISA KEV\n\n## Affected Systems\n\n- BBOT installations running on multi-user or shared filesystem configurations\n- **BBOT**: >= 2.0.0, <= 2.8.4 (Fixed in: `2.8.5`)\n\n## Mitigation\n\n- Upgrade BBOT to version 2.8.5 or later to apply the path-validation logic.\n- Enforce operating system-level link protections to block unauthorized link resolution.\n- Use unique, restricted output directories rather than shared folders like /tmp.\n\n**Remediation Steps:**\n1. Identify the current BBOT installation version: bbot --version\n2. Upgrade the installation using pip: pip install --upgrade bbot\n3. Configure your system's sysctl configuration to enforce symlink and hardlink security protections.\n4. Verify that bbot scan output configurations point to user-specific directories with permissions restricted to 0700.\n\n## References\n\n- [CVE-2026-12567 MITRE Record](https://www.cve.org/CVERecord?id=CVE-2026-12567)\n- [BBOT Git Patch Commit](https://github.com/blacklanternsecurity/bbot/commit/16d9c42b6c591c07ee94d260cb0588e72d4eae2b)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-12567) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-18T15:41:36.000000Z"}]}