GitHub has introduced a significant security update to its official actions/checkout workflow component, aimed at mitigating a widely exploited class of supply-chain attacks known as “pwn requests.” The change targets unsafe behavior in GitHub Actions workflows that combine pull_request_target triggers with code checkout from untrusted forked pull requests, a pattern that can lead to execution of attacker-controlled code with elevated privileges.
Effective June 18, 2026, the updated version of actions/checkout begins blocking attempts to fetch code from fork-based pull requests when certain conditions are met. These include cases where the repository, branch reference, or commit SHA resolves to a forked pull request head or merge commit. The restriction is designed to prevent workflows from inadvertently executing unreviewed external code within a privileged execution context. A backport of the change to supported major versions is expected in July 2026, with an opt-out flag available for maintainers in controlled scenarios.
The risk arises from the way pull_request_target workflows operate in GitHub Actions. Unlike standard pull request workflows, pull_request_target runs in the context of the base repository and can access sensitive resources such as secrets, caches, and privileged tokens. When combined with actions/checkout pulling code from an untrusted fork, attackers can inject malicious scripts that execute during CI runs, potentially exposing GITHUB_TOKEN credentials, secrets, and deployment permissions.
Security researchers and incident reports have previously shown how this pattern has been abused in real-world supply chain attacks affecting popular open-source projects and build systems. In response, GitHub’s latest update introduces a guardrail that specifically targets the most common exploitation path, though it does not eliminate all forms of workflow-based abuse. Other attack vectors, such as manually fetching untrusted repositories through alternative mechanisms, remain outside the scope of this mitigation.
GitHub and security experts emphasize that the change should be viewed as a partial safeguard rather than a complete solution. Developers are still advised to minimize use of pull_request_target, prefer pull_request workflows when possible, restrict workflow permissions, and carefully audit any process that executes untrusted code in privileged environments. The update underscores the ongoing challenges of securing CI/CD pipelines, where convenience features can inadvertently introduce high-impact supply chain vulnerabilities.
