GitHub has implemented a crucial security enhancement to its GitHub Actions by updating the actions/checkout feature. This update is designed to block unsafe workflows that exploit the pull_request_target event, a common target for misuse.
Understanding the Security Risks
The pull_request_target trigger has been a notable concern due to its potential for abuse. It operates with the base repository’s GITHUB_TOKEN, secrets, and default-branch cache access, even when the pull request originates from an untrusted fork.
When maintainers check out the head or merge commit of a forked pull request, there is a risk that attacker-controlled code may execute with full CI privileges. This scenario, known as a “pwn request,” has led to several supply-chain compromises within the ecosystem.
To mitigate these risks, GitHub has released actions/checkout v7 with a secure-by-default approach aimed at thwarting the most frequent patterns of pwn requests.
Impact on Current Workflows
Effective July 16, 2026, GitHub plans to retroactively apply this enforcement logic to all supported major versions. This means workflows using floating tags like actions/checkout@v4 will automatically adopt the new secure defaults without requiring manual adjustments.
Workflows pinned to a specific commit SHA, or to a minor or patch version, will need to be updated manually, through Dependabot or internal processes, to gain the new protections.
Pull requests from the same repository are unaffected by this change, and the behavior of the traditional pull_request event remains unchanged, ensuring standard contribution workflows proceed as usual.
Details of the New Checkout Logic
The update to actions/checkout v7 refuses to fetch fork pull request code in pull_request_target workflows, and in workflow_run jobs where workflow_run.event is a pull_request* event, when the checkout configuration explicitly targets a fork PR.
This adjustment prevents insecure GitHub Actions patterns, such as specific ref configurations and repository inputs that resolve to forked repositories, from executing sensitive commands with access to secrets and production resources.
By blocking these insecure patterns, GitHub ensures that affected workflows fail early instead of silently executing potentially malicious code. GitHub stresses, however, that the update addresses the most common misuse cases and does not claim to eliminate every variant of pwn request.
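As an added illustration (not a workflow from the GitHub announcement), the following is the shape of pull_request_target job that v7 now refuses: both the ref and repository inputs resolve to the untrusted fork, and the step that follows would have run the fork's own package scripts with the base repository's token and secrets. The workflow name, the secret name NPM_TOKEN and the npm commands are constructed for the example.

```yaml
# Constructed example: the classic "pwn request" shape.
# With actions/checkout v7 the checkout step below fails before any
# fork code reaches the runner, so the privileged steps never execute.
name: ci-privileged
on:
  pull_request_target:
    types: [opened, synchronize]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Both `ref` and `repository` point at the fork PR here; that is
      # exactly the configuration v7 detects and refuses.
      - uses: actions/checkout@v7
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}

      # Had the checkout succeeded, `npm ci` would run lifecycle scripts
      # chosen by the fork author with a write-capable GITHUB_TOKEN and
      # the repository's secrets in the environment.
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}   # constructed secret name
```

Under v4 and earlier this workflow ran as written; after the July 16, 2026 cutover a floating @v4 reference picks up the same refusal, while a SHA-pinned reference keeps the old behaviour until it is bumped.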
Remaining Vulnerabilities and Future Prospects
Despite the update, workflows remain vulnerable if they manually pull and execute untrusted code using run blocks that call git or the gh CLI to fetch arbitrary refs, as these operations bypass actions/checkout entirely.
Unsafe patterns triggered by other events, such as issue_comment, are also outside the scope of this change. However, GitHub may consider expanding hardening efforts to additional event types in the future.
For legitimate scenarios requiring elevated trust for fork PR code, GitHub provides an opt-out path by allowing maintainers to use the allow-unsafe-pr-checkout input, albeit with a strong emphasis on careful review and threat modeling.
Security-conscious teams are encouraged to run untrusted forks under pull_request with restricted permissions, reserving pull_request_target for audited pipelines needing access to sensitive resources.
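The split described in the last two paragraphs, as an added example rather than GitHub's own text: untrusted fork code runs under pull_request with a read-only token, and pull_request_target is reserved for a small audited job that needs write access but never checks out the fork. The workflow names, the label name and the use of `true` as the value of the allow-unsafe-pr-checkout opt-out are assumptions; the two documents stand for two separate files under .github/workflows/.

```yaml
# Constructed example, file 1: untrusted code runs under pull_request.
# Secrets are not available to fork PRs here and the token is limited
# to the permissions declared below.
name: ci-untrusted
on:
  pull_request:

permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Default ref under pull_request is the PR merge commit; running it
      # with a read-only token is the intended place for fork code.
      - uses: actions/checkout@v7
      - run: npm ci && npm test
---
# Constructed example, file 2: pull_request_target kept for an audited
# job that needs write access and does not touch the fork's code.
name: pr-triage
on:
  pull_request_target:
    types: [opened]

permissions:
  pull-requests: write

jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      # No checkout of the PR head. If the base branch were needed,
      # actions/checkout with no `ref` checks out the base branch under
      # pull_request_target, which is trusted. Do not re-introduce the
      # fork code through a `git fetch` or `gh` call in a run step either;
      # the v7 guard does not cover those.
      - run: gh pr edit "$PR_NUMBER" --add-label needs-review
        env:
          GH_TOKEN: ${{ github.token }}
          GH_REPO: ${{ github.repository }}
          PR_NUMBER: ${{ github.event.pull_request.number }}

      # Opt-out, only for a pipeline that has been reviewed and
      # threat-modeled: this restores the pre-v7 behaviour and the risk
      # that comes with it. Left commented out on purpose.
      # - uses: actions/checkout@v7
      #   with:
      #     ref: ${{ github.event.pull_request.head.sha }}
      #     allow-unsafe-pr-checkout: true
```

The triage job keeps its write scope to pull-requests only, so even a mistake in that workflow cannot push to the default branch; anything that must execute the contributor's code belongs in the first file.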
