GitHub updated its official actions/checkout tool on June 18, 2026 to block common forked pull request attack patterns in GitHub Actions, with a broader backport planned for July 16, 2026.
KEY FACTS
- Change: actions/checkout v7 now refuses certain fork pull request checkouts by default.
- Scope: The protection covers pull_request_target and some workflow_run workflows.
- Risk: Attacker-controlled code from a fork could run with the base repository's privileges.
- Opt out: Workflow authors can set allow-unsafe-pr-checkout to true.
A technical analysis from The Hacker News said the refusal applies when a pull request comes from a fork and the checkout matches the fork repository, a pull request ref, or the fork head or merge commit SHA. GitHub said the change is aimed at the most common form of pwn request attacks in the Actions ecosystem.
A pull_request_target workflow runs in the context of the base repository, so it has access to repository secrets and a GITHUB_TOKEN carrying the base repository's permissions. GitHub said this can lead to cache poisoning, unintended write access, or secret exposure if untrusted code from the pull request is checked out and executed.
The company said the protection only blocks checkouts of fork pull request head and merge commits made through actions/checkout. It does not cover other untrusted repositories, other event types, or checkouts done directly with git or the GitHub CLI, and workflow authors can still opt out in some cases.
GitHub advised developers to use pull_request_target only when needed, switch to pull_request when elevated permissions are not required, restrict workflow permissions, and avoid letting user-controlled input execute untrusted code. The disclosure also said workflows that use secrets, write permissions, deployment access, or OIDC publishing still need review.
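As an added example (this is not GitHub's or actions/checkout's own code and is not part of the article), the following Python scanner encodes the review the previous paragraphs describe: it flags workflows that combine a privileged trigger (pull_request_target or workflow_run) with an actions/checkout step whose ref or repository comes from the pull request head, and notes when allow-unsafe-pr-checkout is set to true. The embedded workflows are constructed samples: the classic pwn request, the same job with the opt-out, and the hardened form the advice above leads to (pull_request trigger, read-only permissions, default checkout). The scanner is a line-based heuristic that assumes a step's with: block follows its uses: line and deliberately avoids a YAML library so it runs stand-alone; the list of pull-request-controlled expressions it recognises (github.head_ref, the workflow_run head fields) generalises slightly beyond the cases the article names. Those choices are assumptions of this example.

```python
"""Audit GitHub Actions workflows for the pwn-request pattern: a privileged
trigger (pull_request_target / workflow_run) plus an actions/checkout step that
fetches the fork pull request's code. Added example, not GitHub's own code; it is
a line-based heuristic (no PyYAML, so it runs stand-alone) and assumes `with:`
follows `uses:` inside a step."""
import re

PRIVILEGED_TRIGGERS = ("pull_request_target", "workflow_run")
# Values the PR author controls: PR head/merge commit, refs/pull/... ref, head
# branch name, or a workflow_run's head commit / head repository (assumed list).
PR_CONTROLLED_REF = re.compile(
    r"github\.event\.pull_request\.(head|merge_commit_sha)|github\.head_ref"
    r"|github\.event\.workflow_run\.head_(sha|branch)|refs/pull/")
PR_CONTROLLED_REPO = re.compile(
    r"github\.event\.pull_request\.head\.repo"
    r"|github\.event\.workflow_run\.head_repository")


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def privileged_triggers(text):
    """Return the privileged trigger names found in the workflow's `on:` block."""
    found, in_on = set(), False
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        if _indent(line) == 0:  # a new top-level key starts here
            in_on = s.startswith(("on:", '"on":', "'on':"))
        if in_on:  # covers both `on: [a, b]` and the nested mapping form
            found.update(t for t in PRIVILEGED_TRIGGERS if re.search(r"\b%s\b" % t, s))
    return sorted(found)


def checkout_steps(text):
    """Yield (line_no, uses_value, with_inputs) for every actions/checkout step."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^(\s*)(- )?uses:\s*(actions/checkout@\S+)", line)
        if not m:
            continue
        key_indent = len(m.group(1)) + (2 if m.group(2) else 0)
        inputs, section = {}, None
        for nxt in lines[i + 1:]:
            s = nxt.strip()
            if s and _indent(nxt) < key_indent:
                break  # next list item or end of the steps list
            if s and not s.startswith("#"):
                if _indent(nxt) == key_indent:
                    section = s.split(":", 1)[0]  # with:, env:, name:, ...
                elif section == "with":
                    k, _, v = s.partition(":")
                    inputs[k.strip()] = v.strip().strip("'\"")
        yield i + 1, m.group(3), inputs


def audit_workflow(text):
    """Return findings as strings; an empty list means no pwn-request pattern."""
    findings, triggers = [], privileged_triggers(text)
    if not triggers:  # e.g. pull_request: fork PRs get a read-only token, no secrets
        return findings
    for line_no, uses, inputs in checkout_steps(text):
        ref, repo = inputs.get("ref", ""), inputs.get("repository", "")
        if not (PR_CONTROLLED_REF.search(ref) or PR_CONTROLLED_REPO.search(repo)):
            continue  # default checkout of the base branch is fine here
        opted_out = inputs.get("allow-unsafe-pr-checkout", "").lower() == "true"
        findings.append(
            "line %d: %s workflow checks out PR-controlled code via %s (ref=%r, "
            "repository=%r)%s" % (line_no, "/".join(triggers), uses, ref, repo,
            "; allow-unsafe-pr-checkout: true disables the v7 guardrail"
            if opted_out else ""))
    return findings


# Constructed sample (not from the article): the classic pwn request, where the
# fork head is checked out under a privileged trigger and then executed.
VULNERABLE_WORKFLOW = """\
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v7
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm install && npm test
"""
OPTED_OUT_WORKFLOW = VULNERABLE_WORKFLOW.replace(
    "          ref:", "          allow-unsafe-pr-checkout: true\n          ref:")
# Hardened form: pull_request trigger (no secrets, read-only token for fork PRs),
# least-privilege permissions, and the default checkout of the PR merge ref.
HARDENED_WORKFLOW = """\
on: pull_request
permissions: {contents: read}
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v7
      - run: npm install && npm test
"""
```

Run audit_workflow over each .github/workflows file; a workflow that keeps pull_request_target but leaves actions/checkout at its default (the base branch) produces no finding, because no untrusted code is fetched, which matches the scope GitHub described.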
WHY IT MATTERS
The update adds a guardrail for a common supply chain risk in GitHub Actions, but it does not eliminate the broader problem of running untrusted code in privileged workflows. Security teams still need to review how repositories handle pull requests, secrets, and checkout steps.