CVE-2026-45803 - GitHub CLI Actions log terminal escape injection

GitHub CLI versions before 2.92.0 can replay terminal control sequences from GitHub Actions log output when a maintainer runs gh run view --log or gh run view --log-failed. A contributor who can influence workflow logs can place escape sequences in build output. When a reviewer later opens those logs with a vulnerable CLI, the terminal or pager interprets the bytes instead of showing them as inert text.

The advisory is Low severity because exploitation depends on maintainer interaction and terminal behavior. It still deserves a targeted recipe because it sits on the PR review path: teams often ask agents and humans to inspect failed CI logs from untrusted branches, forks, generated test cases, package names, commit messages, and tool output.

Affected versions

  • GitHub CLI binary: gh <2.92.0
  • Go module coordinate: github.com/cli/cli/v2 <2.92.0
  • Legacy Go module coordinate: github.com/cli/cli >=1.6.0, <=1.14.0 has no patched v1 release; migrate to the fixed v2 line or remove vendored vulnerable log rendering.
  • Fixed: gh 2.92.0+
  • Affected commands: gh run view --log and gh run view --log-failed

Indicator-of-exposure

  • The repository installs, pins, vendors, or documents GitHub CLI below 2.92.0 in Dockerfiles, devcontainers, CI images, runner bootstrap scripts, release tooling, local setup docs, Codespaces images, or agent workspaces.
  • Maintainers, release engineers, support engineers, or automation agents use gh run view --log or gh run view --log-failed to inspect failed PR, fork, nightly, fuzzing, package-build, or release workflows.
  • Workflow logs include untrusted data such as branch names, commit messages, PR titles, issue text, dependency names, filenames, test names, compiler output, linter output, artifact names, tool stdout, or user-supplied fixture content.
  • Logs are opened in interactive terminals, terminal multiplexers, or pagers whose control-sequence behavior is not locked down by policy.

Quick checks:

rg -n "gh run view|--log-failed|--log|github-cli|cli/cli|gh_[0-9]|gh version|gh --version|GITHUB_TOKEN|GH_TOKEN" .
gh --version

Windows:

rg -n "gh run view|--log-failed|--log|github-cli|cli/cli|gh_[0-9]|gh version|gh --version|GITHUB_TOKEN|GH_TOKEN" .
gh --version

Do not test by replaying terminal escape payloads into a normal interactive terminal, a shared terminal multiplexer, or a production support workstation. Use a captured fixture file and assert on sanitized bytes.

Remediation strategy

  • Upgrade every repository-controlled GitHub CLI installation, image, package pin, devcontainer, runner bootstrap script, and setup document to gh 2.92.0+.
  • If this repository vendors or wraps github.com/cli/cli log rendering code, move to github.com/cli/cli/v2 2.92.0+ or remove the vulnerable renderer.
  • Add a preflight guard in scripts or docs that ask reviewers to run gh run view --log or gh run view --log-failed: fail closed or warn before log inspection when gh --version reports a vulnerable release.
  • Where immediate upgrade is blocked, pipe untrusted log output through a sanitizer such as cat -v, a control-character filter, or an approved local log viewer before displaying it. Treat this as temporary containment, not the final fix.
  • Prefer the GitHub web UI or a non-interactive artifact download path for untrusted fork logs until all reviewer workstations and agent images are on a fixed CLI.
  • Update contributor and reviewer guidance so failed PR logs from forks, fuzzing, package builds, or generated tests are considered untrusted input.

When to use it

Use this recipe when a repository installs, pins, vendors, documents, or wraps GitHub CLI for CI log review, failed workflow triage, support diagnostics, release troubleshooting, or agent workspaces. It is most important when maintainers or agents inspect logs from forks, generated tests, fuzzing, package builds, or other untrusted workflow output.

Use it to upgrade controlled gh binaries and protect reviewer workflows that display untrusted logs. Do not use it to replay terminal escape payloads into a real maintainer terminal.

Inputs

  • Dockerfiles, devcontainers, Codespaces config, runner images, bootstrap scripts, release scripts, local setup docs, package pins, checksums, SBOMs, vendored github.com/cli/cli modules, and agent workspace images.
  • Log-review commands and wrappers using gh run view --log, gh run view --log-failed, failed workflow triage, release troubleshooting, package-build logs, support diagnostics, and agent CI inspection.
  • Trust-boundary evidence for fork logs, PR titles, branch names, commit messages, filenames, dependency names, test names, fixtures, compiler/linter output, artifact names, and issue/user content.
  • Terminal safety controls: gh --version guards, sanitizer use, non- interactive artifact viewers, GitHub web UI fallback, pager policy, and token-bearing shell restrictions.
  • Validation evidence: refreshed image versions, vendored Go tests, sanitizer fixture tests, docs checks, SBOM refresh, and non-secret dry-run paths.

The prompt

You are remediating CVE-2026-45803 / GHSA-crc3-h8v6-qh57, a GitHub CLI
terminal escape sequence injection issue in `gh run view --log` and
`gh run view --log-failed`. Produce exactly one output:

- A reviewer-ready PR/change request that upgrades every repository-controlled
  GitHub CLI installation, protects scripts and docs that ask maintainers or
  agents to inspect untrusted Actions logs, adds safe regression checks, and
  documents reviewer workflow cleanup, or
- TRIAGE.md if this repository does not control any affected GitHub CLI
  installation, wrapper, image, setup path, or log-review workflow.

## Rules

- Scope only CVE-2026-45803 / GHSA-crc3-h8v6-qh57.
- Treat GitHub tokens, PR content from forks, workflow logs, private repository
  names, branch names, commit messages, issue text, artifact names, and local
  terminal state as sensitive.
- Do not replay escape sequences into an interactive maintainer terminal,
  terminal multiplexer, production workstation, shared agent shell, or support
  session.
- Do not print tokens, capture live authorization headers, or broaden GitHub
  token scopes while changing log-review tooling.
- Do not remove CI log review, provenance review, or failure triage. Upgrade
  or sanitize the review path.
- Do not auto-merge.

## Steps

1. Inventory every GitHub CLI installation controlled by this repository:
   Dockerfiles, devcontainers, Codespaces config, CI images, runner bootstrap
   scripts, release scripts, local setup docs, package manager pins, checksums,
   SBOMs, agent workspace images, and vendored `github.com/cli/cli` modules.
2. Determine every resolved `gh` version. A target is vulnerable if it resolves
   below `2.92.0`.
3. Search for log-review usage:
   - `gh run view --log`;
   - `gh run view --log-failed`;
   - wrappers around failed workflow triage, PR review, release troubleshooting,
     support diagnostics, fuzzing logs, package-build logs, or agent CI
     inspection.
4. Map whether those logs can contain untrusted data from forks, PR titles,
   branch names, commit messages, filenames, dependency names, test names,
   generated fixtures, compiler output, linter output, tool stdout, artifact
   names, or issue/user content.
5. If the repository neither installs GitHub CLI nor instructs maintainers or
   agents to use affected commands, stop with `TRIAGE.md` listing checked files
   and the external owner if a base image or platform supplies `gh`.
6. Upgrade all controlled GitHub CLI pins and install paths to `2.92.0+`.
   Refresh checksums, lockfiles, Docker layers, runner-image metadata, SBOMs,
   generated dependency reports, and setup documentation.
7. Where scripts or docs call affected commands, add a preflight guard before
   log display:
   - parse `gh --version`;
   - fail closed or print a non-secret warning below `2.92.0`;
   - recommend upgrading before inspecting untrusted logs;
   - avoid running affected commands in a token-bearing or privileged shell
     until the guard passes.
8. If upgrade cannot land immediately, add temporary containment:
   - pipe affected command output through an approved sanitizer;
   - use a non-interactive log artifact viewer;
   - route untrusted fork log review through the GitHub web UI;
   - document which reviewers, agents, or support paths remain contained.
9. If this repository vendors or wraps GitHub CLI code, upgrade the module or
   remove vulnerable rendering. Add unit tests with synthetic byte fixtures
   proving OSC, CSI, ESC, and terminal-multiplexer control sequences are
   stripped or escaped before display.
10. Add regression coverage that is safe for reviewers:
    - every controlled image or install script resolves `gh >=2.92.0`;
    - scripts that inspect logs fail closed for vulnerable versions;
    - docs no longer ask maintainers to open untrusted logs with vulnerable
      clients;
    - sanitizer tests assert on bytes in files or buffers, not an interactive
      terminal;
    - token-bearing environments are not required for the regression test.
11. Add a PR body section named `CVE-2026-45803 reviewer actions` that states:
    - GitHub CLI versions before and after;
    - where `gh run view --log` or `gh run view --log-failed` was used;
    - whether fork, PR, fuzzing, package-build, or release logs were considered
      untrusted;
    - whether temporary sanitizer containment remains;
    - which developer images, agent images, support workstations, or runbooks
      need manual update;
    - which validation commands passed.
12. Run relevant validation: script tests, workflow lint, container or
    devcontainer build, `gh --version` checks in refreshed images, vendored Go
    tests, sanitizer fixture tests, SBOM refresh, dependency/security scans,
    and non-secret dry-run paths available in this repository.
13. Use PR title:
    `fix(sec): remediate CVE-2026-45803 in GitHub CLI log review`

## Stop conditions

- No repository-controlled GitHub CLI installation, wrapper, image, setup path,
  or affected log-review command exists.
- The vulnerable `gh` binary is supplied only by an external runner image,
  workstation-management system, or platform outside this repository's
  ownership; document the owner and required fixed version.
- Verification would require live untrusted logs, real tokens, a production
  support shell, or replaying escape bytes into an interactive terminal.
- A fixed GitHub CLI cannot be installed without a broader base-image,
  workstation, or runner migration.
- Product or support requirements intentionally depend on raw terminal replay
  of untrusted logs; document the security-owner decision needed in TRIAGE.md.
- Validation fails for unrelated pre-existing reasons; document those failures
  instead of broadening scope.

Verification - what the reviewer looks for

  • No repository-controlled Dockerfile, devcontainer, runner image, setup script, package pin, vendored module, SBOM, or runbook resolves GitHub CLI below 2.92.0.
  • Any script or documented workflow that asks users to run gh run view --log or gh run view --log-failed has either a version guard or a documented fixed-platform guarantee.
  • Temporary sanitizer paths operate on captured bytes or pipes and do not replay escape sequences into an interactive terminal.
  • Tests cover OSC, CSI, ESC, and terminal-multiplexer-style control sequences with synthetic fixtures.
  • The PR keeps CI triage intact and does not weaken tokens, authentication, or release verification to avoid the finding.

Watch for

  • Updating one developer setup path while devcontainers, Codespaces, CI images, self-hosted runner images, or agent workspaces still pin an older CLI.
  • Treating this only as a Go module advisory when most exposure comes from the installed gh binary.
  • Running a proof of concept in the same terminal session used for production support or release work.
  • Adding a sanitizer after the vulnerable CLI has already written raw output to the terminal or pager.
  • Assuming fork logs are safe because the workflow itself is trusted; untrusted strings can still flow into otherwise trusted workflow output.

Output contract

Return one of:

  • A reviewer-ready PR/change request that upgrades every controlled GitHub CLI install path to 2.92.0+, protects scripts/docs that display untrusted Actions logs, adds safe byte-fixture regression tests or version guards, refreshes artifacts, and documents reviewer cleanup actions.
  • TRIAGE.md when no controlled GitHub CLI install, wrapper, image, setup path, vendored renderer, or affected log-review workflow exists.

The output must list GitHub CLI versions, affected log-review commands, untrusted log sources, version guards or sanitizers, images/workstations needing manual update, validation commands, and residual containment. It must not replay escape sequences into interactive terminals, expose tokens, broaden GitHub token scopes, or remove CI triage workflows.

References