CVE-2026-31976 in xygeni-action
Summary
by MITRE • 03/11/2026
xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the compromised GitHub App credentials to move the mutable v5 tag to point at the malicious commit (4bf1d4e19ad81a3e8d4063755ae0f482dd3baf12) from one of the unmerged PRs. This commit remained in the repository's git object store, and any workflow referencing @v5 would fetch and execute it. This is a supply chain compromise via tag poisoning. Any GitHub Actions workflow referencing xygeni/xygeni-action@v5 during the affected window (approximately March 3–10, 2026) executed a C2 implant that granted the attacker arbitrary command execution on the CI runner for up to 180 seconds per workflow run.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 03/17/2026
The vulnerability described in CVE-2026-31976 represents a sophisticated supply chain compromise targeting the xygeni-action GitHub Action ecosystem. This incident demonstrates how attackers can exploit compromised credentials to manipulate versioned tags in software repositories, creating a persistent backdoor that affects all downstream users. The attack occurred when an adversary gained access to legitimate GitHub App credentials and leveraged these privileges to manipulate the mutable v5 tag, effectively poisoning the action's distribution channel. The compromised credentials allowed the attacker to bypass standard security controls that would normally prevent such modifications, highlighting the critical importance of credential security in CI/CD environments.
The technical implementation of this attack involved multiple stages that align with common attack patterns documented in the MITRE ATT&CK framework. The attacker first created three pull requests containing obfuscated shell code within the action.yml file, demonstrating the use of code injection techniques to evade detection. These PRs were initially blocked by branch protection rules, indicating that the repository had basic security measures in place, but the attacker's access to valid credentials enabled them to circumvent these protections. The attack specifically targeted the mutable tag mechanism, which is a well-known weakness in software distribution systems where version tags can be moved to point to malicious commits.
The operational impact of this vulnerability was severe and far-reaching, affecting any GitHub Actions workflow that referenced the xygeni-action@v5 tag during the affected period from March 3-10, 2026. The compromised action executed a command and control implant that provided the attacker with arbitrary command execution capabilities on CI runners for up to 180 seconds per workflow run, as classified under CWE-78 and CWE-94 in the Common Weakness Enumeration catalog. This timeframe represents a critical window where legitimate workflows would automatically fetch and execute the malicious code, creating a potential vector for data exfiltration, infrastructure compromise, and further lateral movement within affected organizations' CI/CD pipelines.
The persistence mechanism employed in this attack demonstrates a sophisticated understanding of Git repository behavior and tag management. The malicious commit remained accessible in the repository's git object store even though it was never merged into the main branch, ensuring that any workflow referencing the v5 tag would continue to execute the compromised code. This approach aligns with supply chain attack methodologies that focus on manipulating trusted distribution points rather than directly attacking target systems. Organizations using the affected xygeni-action were unknowingly executing malicious code within their build environments, potentially compromising the integrity of their entire software supply chain. The attack underscores the critical need for implementing proper tag protection mechanisms, credential rotation procedures, and continuous monitoring of repository changes to detect such malicious activities.
Recommended mitigations include implementing immutable tags for production releases, enforcing strict access controls for repository management operations, and establishing comprehensive monitoring of tag modifications. Organizations should also consider implementing software supply chain security tools that can detect and prevent unauthorized changes to package manifests and action configurations. The incident highlights the necessity of following security best practices such as using semantic versioning with immutable tags, regularly auditing repository permissions, and implementing automated security scanning for CI/CD workflows to prevent similar supply chain compromises from affecting downstream users.