Vulnerability in Ctfer-io Romeo
CVE-2026-32737
Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious…
EPSS: 0.000 (6.8th percentile)
Affected products
- Ctfer-io Romeo — versions < 0.2.1
Weakness classification (CWE)
References
- https://github.com/ctfer-io/romeo/security/advisories/GHSA-fgm3-q9r5-43v9 (x_refsource_CONFIRM)
- https://github.com/ctfer-io/romeo/commit/3bb5e9d9ce1199dfbb90fef8ad79ebdeb0bc5e78 (x_refsource_MISC)