CVE-2026-31852 in Jellyfin

Summary

by MITRE • 03/11/2026

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly all write permissions), this vulnerability enables full repository takeover of jellyfin/jellyfin-ios, exfiltration of highly privileged secrets, Apple App Store supply chain attack, GitHub Container Registry (ghcr.io) package poisoning, and full jellyfin organization compromise via cross-repository token usage. Note: This is not a code vulnerability, but a vulnerability in the GitHub Actions workflows. No new version is required for this GHSA and end users do not need to take any actions.


Analysis

by VulDB Data Team • 03/20/2026

The vulnerability identified as CVE-2026-31852 is a configuration flaw in the GitHub Actions workflows of jellyfin/jellyfin-ios, not in the iOS application code. The code-quality.yml workflow ran with nearly full write permissions and processed pull requests from forked repositories, so code supplied by an arbitrary external contributor could execute inside a job that held the repository's privileges and secrets. Two facts make that combination the dangerous one: a fork pull request on the ordinary pull_request trigger receives only a read-only GITHUB_TOKEN and no repository secrets, whereas a workflow that runs in the base repository's context (typically via pull_request_target or workflow_run) keeps its token, its secrets and whatever permissions block it declares. The advisory does not reproduce the workflow, so its exact trigger is not stated here, but a privileged workflow that checks out and runs the pull request's head is the usual shape of this bug class. Granting write scopes to such a job violates least privilege and turns a routine quality check into a path to full repository compromise.

Exploitation needs no flaw in the application itself. The attacker opens a pull request from a fork whose tree changes something the quality check executes, such as a build or lint script, a dependency manifest, or a tool configuration file. When the workflow runs that code with elevated permissions, the attacker's step inherits the job's GITHUB_TOKEN and any secrets the job exposes, and can read them from the environment or use them directly against the GitHub API. Because the weakness sits in the CI/CD pipeline rather than in the shipped software, application-level controls offer no protection: product code review, static analysis of the app and release signing all run inside, or downstream of, the compromised pipeline.

The impact extends well beyond the one repository. Write access to jellyfin/jellyfin-ios allows modification of branches, tags, releases and other workflow files, which gives the attacker persistence. Tokens usable across repositories, as the advisory describes, allow lateral movement into other repositories of the jellyfin organization. Push access to GitHub Container Registry (ghcr.io) packages creates a supply chain vector for every consumer that pulls Jellyfin images, and the credentials an iOS release pipeline needs to publish to the Apple App Store would let a tampered build reach end users through the official store. The advisory states that no new version is required and that end users need take no action, which is consistent with a configuration fix on the repository side rather than a compromised release.

VulDB maps the issue to CWE-276 (Incorrect Default Permissions) and to the ATT&CK techniques T1578 (Modify Cloud Compute Infrastructure) and T1584 (Compromise Infrastructure). The practical lessons are those of least privilege applied to infrastructure as code. Declare a permissions block on every workflow and job, starting from read-only and adding only the scopes a step actually needs, and never rely on the repository default. Do not check out or execute the pull request's head under a privileged trigger such as pull_request_target; run untrusted checks on the plain pull_request trigger, where the token is read-only and secrets are withheld, and keep any privileged step (labeling, commenting, publishing) in a separate job that consumes only data, never code, from the untrusted side. Require maintainer approval before workflows run for fork contributors, pin third-party actions to commit hashes, and review workflow changes with the same rigor as a change to the release process, because a workflow edit is effectively a change to who can sign and ship the product. Workflow linters that flag the privileged-trigger plus head-checkout combination catch this pattern before merge.
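As an added example, not the project's code and not the real code-quality.yml (whose contents the advisory does not reproduce), the following Python script embeds a constructed workflow with the dangerous shape described above beside a hardened rewrite, and runs a small audit over both that reports the privileged trigger, the checkout of the pull request's own head, and any write scopes granted. The audit is a line-oriented scanner rather than a YAML parser; it assumes conventionally formatted workflow files with two-space nesting, and needs only the Python 3.8+ standard library.

```python
import re

# Constructed, hypothetical workflow (NOT the real jellyfin-ios code-quality.yml,
# which the advisory does not reproduce) showing the dangerous shape: privileged
# trigger, broad permissions, checkout of the PR's own head, then steps that
# execute whatever the fork put in the tree.
WEAK_WORKFLOW = """\
name: Code Quality
on:
  pull_request_target:
permissions: write-all
jobs:
  lint:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: bundle install
      - run: bundle exec fastlane lint
"""

# Hardened rewrite: plain pull_request (fork PRs get a read-only token and no
# secrets), explicit read-only permissions, default checkout of the merge ref.
HARDENED_WORKFLOW = """\
name: Code Quality
on:
  pull_request:
permissions:
  contents: read
jobs:
  lint:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - run: bundle install
      - run: bundle exec fastlane lint
"""

# Triggers that run in the base repository's context, with its secrets, even
# for events raised by a fork.
PRIVILEGED_TRIGGERS = {"pull_request_target", "workflow_run"}
# Expressions that resolve to the contributor-controlled head of the PR.
UNTRUSTED_REF = re.compile(r"github\.(event\.pull_request\.head\.(sha|ref)|head_ref)")


def _block(lines, key):
    """Lines nested under a top-level `key:` written in block form."""
    out, inside = [], False
    for line in lines:
        if re.match(rf"^{key}:\s*$", line):
            inside = True
            continue
        if inside:
            if line.strip() and not line.startswith((" ", "\t")):
                break  # next top-level key ends the block
            out.append(line)
    return out


def triggers_of(lines):
    """Event names under `on:`, in either `on: [a, b]` or block form."""
    for line in lines:
        m = re.match(r"^on:\s*(\S.*)$", line)
        if m:
            return {t.strip() for t in m.group(1).strip("[]").split(",")}
    return {m.group(1) for l in _block(lines, "on")
            if (m := re.match(r"^  ([\w-]+):", l))}


def write_scopes(lines):
    """Scopes granted write, or a marker when no permissions block exists."""
    for line in lines:
        m = re.match(r"^permissions:\s*(\S.*)$", line)
        if m:
            return ["write-all"] if m.group(1).strip() == "write-all" else []
    if not any(line.startswith("permissions:") for line in lines):
        return ["<undeclared: repository default applies>"]
    return [l.strip() for l in _block(lines, "permissions")
            if re.search(r":\s*write\s*$", l)]


def audit_workflow(text):
    """Return (code, message) findings for one workflow file's text."""
    lines = text.splitlines()
    privileged = triggers_of(lines) & PRIVILEGED_TRIGGERS
    untrusted = any(UNTRUSTED_REF.search(l) for l in lines if "ref:" in l)
    writes = write_scopes(lines)
    findings = []
    if privileged and untrusted:
        findings.append(("untrusted-code-with-secrets",
                         f"{sorted(privileged)} checks out the PR head: fork code "
                         "runs with secrets and a privileged GITHUB_TOKEN"))
    elif privileged:
        findings.append(("privileged-trigger",
                         f"{sorted(privileged)} present: review every use of PR-controlled input"))
    if writes:
        findings.append(("write-permissions", "write scopes granted: " + ", ".join(writes)))
    return findings
```

Calling audit_workflow(WEAK_WORKFLOW) returns two findings, the critical trigger-plus-checkout combination and the write-all grant; audit_workflow(HARDENED_WORKFLOW) returns an empty list. An undeclared permissions block is reported deliberately, since the effective scopes then depend on a repository setting that a workflow reviewer cannot see in the file.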

Responsible

GitHub M

Reservation

03/09/2026

Disclosure

03/11/2026

Moderation

accepted

CPE

ready

EPSS

0.00124

KEV

no

Activities

very low

Sources
