GitHub Actions Hardens Security Against 'Pwn Request' Attacks

The new version of actions/checkout automatically blocks workflows that execute unreviewed code from forks, marking the start of a 'secure by default' era.

June 23, 2026 · 4 min read

TL;DR: GitHub has updated actions/checkout to automatically block 'pwn request' attacks that exploit pull_request_target. Developers will need to explicitly opt into unsafe behaviors starting July 2026.

What happened?

On June 18, 2026, GitHub announced the release of actions/checkout v7, a security update that automatically blocks workflows that attempt to fetch code from unreviewed pull requests when running under the pull_request_target or workflow_run events. From now on, developers must explicitly add the allow-unsafe-pr-checkout parameter to allow this behavior, which was previously the norm. This change is part of a broader GitHub initiative to adopt a 'secure by default' stance, following a significant increase in attacks exploiting this weakness.

The underlying vulnerability is not new: it has been known since at least 2021, when security researchers first documented the risks of using pull_request_target together with an unreviewed checkout. GitHub did not act until now, however, under pressure from a wave of attacks in 2025 and 2026 that compromised thousands of repositories and packages. According to Endor Labs data, 'pwn request' attacks increased by 340% in the first quarter of 2026 compared to the same period in 2025.

Why is it important?

'Pwn request' attacks have increased in recent months, notably by the TeamPCP group, which compromised 170 npm packages in May 2026, as reported by InfoWorld. The problem is that the pull_request_target trigger grants access to secrets (such as API keys) that the normal pull_request event does not. If a workflow uses actions/checkout to download the fork's code without review, an attacker can inject malicious code that executes with the workflow's full privileges. Unlike the pull_request event, which runs the workflow in an isolated environment without secrets, pull_request_target runs in the context of the base repository, with access to secrets and deployment tokens.

The impact is massive: according to GitHub, over 1.2 million workflows in public repositories used pull_request_target unsafely before this change. Most of these workflows belong to open source projects, which are particularly vulnerable because they accept contributions from external forks. The typical attack involves an attacker creating a pull request with malicious code that, when processed by the workflow, extracts secrets or executes arbitrary commands on the runner.

Consequences and context

This change marks the beginning of a 'secure by default' policy in GitHub Actions, where the platform imposes restrictions instead of leaving it to the developer's discretion. Starting July 16, the new defaults will be backported to all supported major versions (v4, v5, v6). Workflows using floating tags (like @v4) will receive the change automatically; those using specific SHAs or minor versions will need to update manually. GitHub has also announced it will explore additional hardening for other events, such as workflow_run and deployment, in future versions.

GitHub's decision is not without criticism. Some developers point out that the change may break legitimate workflows that depend on reviewing code from forks, such as those running quality analysis or automated security tests. To mitigate this, GitHub has provided an opt-out mechanism (allow-unsafe-pr-checkout), but warns that its use should be careful and only when the risks are understood. The company also recommends using pull_request instead of pull_request_target whenever possible, and limiting the use of secrets in workflows that process unreviewed code.

What readers should know

  • Not a new vulnerability: The weakness in pull_request_target has been known for years, but GitHub had not acted until now. The first public warning dates back to 2021 in a security report from Endor Labs.
  • Does not affect all workflows: Only those using pull_request_target or workflow_run and checkout without review. Workflows using normal pull_request are not affected.
  • Additional measures: GitHub warns that more hardening will be explored in the future for other events, such as issue_comment and pull_request_review.
  • For developers: Review workflows that use pull_request_target and ensure they do not rely on unreviewed code. If necessary, use the opt-out with caution. It is also recommended to audit exposed secrets and rotate those that may have been compromised.

“The change signals the beginning of a new 'secure by default' era where security will be defined by the GitHub system rather than left to the discretion of developers.” — InfoWorld
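
As an added illustration (not code from the article, from GitHub or from InfoWorld), a small Python audit of the pattern described above and in the review advice: it embeds two constructed workflow files, the unsafe shape (pull_request_target plus a checkout of the fork's head with a secret in scope) and the safe alternative on the plain pull_request event, and flags every checkout step that fetches an unreviewed fork ref under a privileged trigger. The sample workflows, function names and regex heuristics are mine; it is a text heuristic for a first pass over .github/workflows, not a full YAML parser.

```python
import re
# Constructed sample workflows (not from the article) for the audit below.
# UNSAFE: privileged trigger + checkout of the fork's head + a secret in scope.
UNSAFE_WORKFLOW = """\
on: [pull_request_target]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""
# SAFE: same job on the plain pull_request event, which has no secrets in scope.
SAFE_WORKFLOW = """\
on: [pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v7
      - run: npm ci && npm test
"""
PRIVILEGED = ("pull_request_target", "workflow_run")
# checkout refs that resolve to the contributor's unreviewed commits
FORK_REF = re.compile(r"github\.event\.pull_request\.head|github\.head_ref|refs/pull/")

def audit_workflow(text: str) -> list[str]:
    """One finding per checkout step that fetches fork code under a privileged event."""
    m = re.search(r"^on:\s*(.*?)(?=^\S|\Z)", text, re.M | re.S)
    triggers = [e for e in PRIVILEGED if m and e in m.group(1)]
    if not triggers:
        return []  # plain pull_request: no secrets, nothing to escalate
    lines, findings = text.splitlines(), []
    for i, line in enumerate(lines):
        step = re.search(r"uses:\s*actions/checkout@(\S+)", line)
        if not step:
            continue
        block = []  # the step's `with:` block: indented lines up to the next `- ` item
        for nxt in lines[i + 1:]:
            if nxt.lstrip().startswith("-") or not nxt.strip():
                break
            block.append(nxt)
        if FORK_REF.search("\n".join(block)):
            findings.append(f"line {i + 1}: actions/checkout@{step.group(1)} fetches an unreviewed "
                            f"fork ref under {'/'.join(triggers)}; secrets referenced: {'secrets.' in text}")
    return findings
```

A checkout under pull_request_target with no `ref:` fetches the base branch and is not flagged; only a ref pointing at the contributor's commits triggers a finding.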

Impact on the ecosystem

The measure significantly reduces the attack surface for open source repositories, which were the most affected. According to GitHub estimates, the change will protect approximately 800,000 public repositories that use pull_request_target. However, experts note that 'pwn request' attacks can occur through other avenues, such as manipulation of third-party actions or script injection into the runner environment. For example, an attacker could modify the content of a third-party action that runs in the workflow, or exploit poorly sanitized environment variables.

The security community welcomes the step but calls for more transparency in detecting these attacks. Currently, GitHub does not provide native tools to detect 'pwn request' attempts before they execute, forcing developers to rely on manual audits or external tools. Companies like Endor Labs and Datadog have launched monitoring solutions, but adoption remains low. In the words of a security researcher cited by InfoWorld: "This is a step in the right direction, but it's not enough. GitHub should implement real-time alerts and blocking of suspicious actions."

In market terms, GitHub's decision reinforces its position as a leading DevOps platform, but also puts pressure on competitors like GitLab and Bitbucket to implement similar measures. GitLab has already announced it will study changes to its own CI/CD implementation to prevent similar attacks. Meanwhile, corporate security teams will need to update their workflows and train their developers on the new secure practices.