In a nutshell: GitHub blocks by default the automatic loading of code from forked pull requests in privileged workflows to prevent attackers from stealing GITHUB_TOKEN and environment variables.
Since June 2026, the action actions/checkout v7 has by default blocked automatic code pulls from external forks to prevent pwn request attacks. The measure will be rolled out to all supported versions starting July 2026.
Since June 18, 2026, actions/checkout v7 automatically refuses to fetch code from pull requests that originate from repository forks when it runs inside pull_request_target or workflow_run workflows. Developers can only disable this block by explicitly setting the allow-unsafe-pr-checkout parameter to true. This change is scheduled to be backported to all currently supported major versions by July 16, 2026.
The background is a known vulnerability in GitHub Actions: the pull_request_target trigger executes automations as soon as a pull request from a fork is opened or updated. These workflows run in the context of the target repository and receive access to the GITHUB_TOKEN with read and write permissions, as well as environment variables and secrets of the default branch. If an unreviewed pull request contains malicious code and is loaded via actions/checkout, attackers can steal these privileged tokens and execute arbitrary code with full workflow permissions. Such attacks have in the past compromised packages of the Nx build system, repositories from PostHog, TanStack, and the Emacs package kubernetes-el.
However, security analysts at Socket emphasize that the update is not a comprehensive solution. The block only applies to direct checkouts via actions/checkout. Manual git commands, the GitHub CLI, alternative triggers such as issue_comment, and checkouts from unrelated third-party repositories are not subject to the restriction. Socket warns: “This makes it a guardrail, not a complete solution for Actions security. Workflows running with secrets, write permissions, deployment permissions, or OIDC publishing access still require careful review.”
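To make the pattern concrete, here is an added example (written for this page; it is not taken from the article, from GitHub, or from the affected projects) showing the risky pull_request_target checkout the article describes next to a hardened layout. The workflow and job names and the `npm ci && npm test` step are assumptions; the `allow-unsafe-pr-checkout` input is the one the article names for actions/checkout v7, and the `ref` expression uses the standard GitHub event context.

```yaml
# ---- File 1 (assumed name: .github/workflows/ci-risky.yml) ----
# The pattern the article warns about. pull_request_target runs in the
# base repository's context with a read/write GITHUB_TOKEN and secrets,
# but this job then fetches and executes the fork's untrusted code.
name: ci-risky
on:
  pull_request_target:
permissions:
  contents: write
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v7
        with:
          # Fetching the PR head from the fork is exactly what v7 now refuses.
          # The step only proceeds if allow-unsafe-pr-checkout: true is set,
          # which should be treated as a review flag, not a quick fix.
          ref: ${{ github.event.pull_request.head.sha }}
      # package.json scripts come from the fork, so this runs fork-controlled
      # code while GITHUB_TOKEN and secrets are in scope.
      - run: npm ci && npm test

# ---- File 2 (assumed name: .github/workflows/ci-untrusted.yml) ----
# Hardened layout: untrusted fork code runs under the plain pull_request
# trigger, where the token is read-only and repository secrets are not
# exposed to forks. Nothing privileged is reachable, so the checkout and
# test run are safe, and the v7 block does not apply here.
name: ci-untrusted
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Default ref for pull_request is the PR merge commit; no override needed.
      - uses: actions/checkout@v7
      - run: npm ci && npm test

# ---- File 3 (assumed name: .github/workflows/pr-labeler.yml) ----
# If a privileged step is genuinely needed on fork PRs (labeling, commenting),
# keep it under pull_request_target but never check out the fork's code:
# a checkout with no ref fetches the base branch, so secrets never meet
# fork-controlled files. Note the article's caveat: a manual `git fetch`
# of the fork in a `run:` step would bypass the v7 guardrail entirely.
name: pr-labeler
on:
  pull_request_target:
permissions:
  pull-requests: write
  contents: read
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v7   # base branch only; fork code is not fetched
      - run: echo "labeling PR #${{ github.event.pull_request.number }} from trusted base-branch scripts"
```

The split is the point: the trigger that carries secrets (File 3) never touches fork code, and the trigger that runs fork code (File 2) carries nothing worth stealing. The v7 default makes File 1 fail closed, but as Socket notes it does nothing for a workflow that fetches the fork with git commands or the GitHub CLI, so those `run:` steps still need review.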
Source: www.it-daily.net · Published June 25, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.