Cyber Posture

CVE-2026-31852

Severity: Critical
Published: 11 March 2026
Modified: 20 March 2026
KEV Added: not listed
Patch: available (workflow fix in the upstream repository; no new software release)
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0012 (31.0th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-31852 is a critical-severity Improper Privilege Management (CWE-269) vulnerability tracked here under the product Jellyfin Jellyfin. It is not a flaw in shipped Jellyfin software: the defect is a misconfigured GitHub Actions workflow (code-quality.yml) in the jellyfin/jellyfin-ios repository that lets a pull request from a fork run code with the repository's elevated permissions. Its CVSS v3.1 base score is 10.0 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Supply Chain Compromise (T1195). EPSS ranks it at the 31.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Threat & Defense at a Glance

What attackers do: exploitation maps to Supply Chain Compromise (T1195) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent (AC-6 Least Privilege): directly addresses CWE-269 Improper Privilege Management by ensuring GitHub Actions workflows do not grant excessive write permissions to untrusted pull requests from forked repositories. For a workflow that can be triggered by a fork, that means an explicit permissions block scoped to read access, not the repository default.

prevent: mandates secure configuration settings for CI/CD workflows such as code-quality.yml so that pull requests from external contributors cannot trigger arbitrary code execution with the repository's token or secrets.

prevent (CM-5 Access Restrictions for Change): restricts who and what may make changes in the repository, so that no workflow allows an untrusted pull request to execute with elevated permissions and take the repository over.

MITRE ATT&CK Enterprise Techniques

T1195 Supply Chain Compromise Initial Access
Adversaries may manipulate products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise.
T1195.002 Compromise Software Supply Chain Initial Access
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.
T1677 Poisoned Pipeline Execution Execution
Adversaries may manipulate continuous integration / continuous development (CI/CD) processes by injecting malicious code into the build process.
Why these techniques?

Vulnerability in GitHub Actions workflow enables arbitrary code execution via malicious PRs from forks, facilitating supply chain compromise (T1195/T1195.002) through repo takeover, package poisoning in ghcr.io, and App Store attacks, as well as poisoned pipeline execution (T1677).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly all write permissions), this vulnerability enables full repository takeover of jellyfin/jellyfin-ios, exfiltration of highly privileged secrets, Apple App Store supply chain attack, GitHub Container Registry (ghcr.io) package poisoning, and full jellyfin organization compromise via cross-repository token usage. Note: This is not a code vulnerability, but a vulnerability in the GitHub Actions workflows. No new version is required for this GHSA and end users do not need to take any actions.

Deeper analysis

CVE-2026-31852 is a critical vulnerability in the code-quality.yml GitHub Actions workflow within the jellyfin/jellyfin-ios repository, part of the Jellyfin open-source media system. It enables arbitrary code execution triggered by pull requests from forked repositories. This is not a flaw in the application code itself but a misconfiguration in the GitHub Actions workflow, which runs with elevated permissions granting nearly all write access. The issue has a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) and is classified under CWE-269 (Improper Privilege Management).

Any attacker with a GitHub account, and no access to the jellyfin organization (hence PR:N in the vector), can exploit this by forking the repository and opening a pull request whose contents the workflow then checks out and executes with the base repository's elevated permissions, since the workflow applies no trust boundary between fork-supplied code and its own token and secrets. Successful exploitation allows full takeover of the jellyfin/jellyfin-ios repository, exfiltration of highly privileged secrets, execution of an Apple App Store supply chain attack, poisoning of packages in the GitHub Container Registry (ghcr.io), and compromise of the entire Jellyfin organization through cross-repository token usage.

The GitHub Security Advisory (GHSA-7qhm-2m45-7fmh) and associated fix in commit 109217e75f38394b2f6e46e25dfe5a721203d3c8 address the issue by modifying the workflow configuration. No new software version is required, and end users of Jellyfin do not need to take any actions, as the vulnerability is confined to the repository's CI/CD pipeline.
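The defect class described above, a workflow that runs under a privileged trigger (one that executes in the base repository's context with its GITHUB_TOKEN and secrets, pull_request_target being the usual case), checks out the pull request's head and carries write-level permissions, is simple enough to catch with a static check before a PR ever runs. The following Python is an added example and not code from Jellyfin, from the advisory, or from the fix commit: the two embedded workflows are constructed illustrations of the vulnerable and hardened shapes, not the real code-quality.yml (which this page does not reproduce), and the names audit_workflow and triggers are this example's own. It is a line-oriented heuristic rather than a full YAML parser, the kind of check a repository-wide lint would run over .github/workflows.

```python
"""Heuristic scanner for the GitHub Actions misconfiguration class behind CVE-2026-31852.

Added example, not Jellyfin's code.  Flags workflows that combine a privileged
trigger (runs with the base repository's GITHUB_TOKEN and secrets even for
fork-originated events) with a checkout of the untrusted pull-request head and
write-level token permissions.  Line-oriented heuristic, not a YAML parser.
"""
import re

# Constructed illustration of the vulnerable shape (hypothetical; NOT the actual
# jellyfin-ios code-quality.yml, which this page does not reproduce).
VULNERABLE_WORKFLOW = """\
name: Code quality
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: write
  packages: write
  pull-requests: write
jobs:
  lint:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # attacker-controlled commit
      - run: ./scripts/lint.sh                              # runs that commit's script
"""

# Constructed hardened form: plain pull_request trigger (read-only token and no
# secrets for forks), explicit read-only permissions, default merge-ref checkout.
HARDENED_WORKFLOW = """\
name: Code quality
on:
  pull_request:
    types: [opened, synchronize]
permissions:
  contents: read
jobs:
  lint:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/lint.sh
"""

# Events that execute in the base repository's context even when the trigger
# originates from a fork, so the job holds the real GITHUB_TOKEN and secrets.
PRIVILEGED_TRIGGERS = ("pull_request_target", "workflow_run", "issue_comment")

UNTRUSTED_HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(?:sha|ref)")
WRITE_PERMISSION = re.compile(
    r"^\s*(?:permissions:\s*write-all|[a-z-]+:\s*write)\s*(?:#.*)?$", re.M)
PERMISSIONS_BLOCK = re.compile(r"^\s*permissions:", re.M)


def triggers(text):
    """Privileged trigger names declared anywhere in the workflow text."""
    return {t for t in PRIVILEGED_TRIGGERS if re.search(rf"\b{t}\b", text)}


def audit_workflow(text):
    """Return (severity, message) findings for one workflow file, worst first."""
    findings = []
    priv = triggers(text)
    if not priv:
        return findings  # fork PRs under plain pull_request get a read-only, secret-less token
    checks_out_head = bool(UNTRUSTED_HEAD_REF.search(text))
    has_write = bool(WRITE_PERMISSION.search(text))
    no_perms_block = not PERMISSIONS_BLOCK.search(text)

    if checks_out_head:
        # Untrusted code executing with base-repository credentials is the core defect.
        sev = "critical" if (has_write or no_perms_block) else "high"
        findings.append((sev, f"{sorted(priv)} trigger checks out the PR head: "
                              "untrusted code runs with base-repository credentials"))
    if has_write:
        findings.append(("high", "privileged trigger with explicit write-level permissions"))
    if no_perms_block:
        findings.append(("medium", "no permissions block: GITHUB_TOKEN falls back to the "
                                   "repository/organization default, which may be write"))
    return findings


if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"{name}: {audit_workflow(text) or 'no findings'}")
```

On the constructed inputs the first workflow is reported as critical (head checkout under pull_request_target plus explicit write permissions) and the second produces no findings. The hardened form changes three things: the trigger becomes plain pull_request, whose token is read-only and secret-less when the PR comes from a fork; permissions are pinned to contents: read, which is the AC-6 control in concrete form; and the explicit checkout of the PR head ref is dropped in favour of the default merge ref. The missing-permissions finding is deliberately only medium because the default GITHUB_TOKEN scope is a repository or organization setting, so verify it rather than assume either value.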

Details

CWE(s)

CWE-269 Improper Privilege Management

Affected Products

Vendor: jellyfin
Product: jellyfin
Versions: all versions. The affected artifact is the CI/CD workflow of the jellyfin/jellyfin-ios repository, not a released Jellyfin version; per the advisory, no new version is required and end users need take no action.

CVEs Like This One

CVE-2026-35033 - Same product: Jellyfin Jellyfin
CVE-2026-35032 - Same product: Jellyfin Jellyfin
CVE-2026-35031 - Same product: Jellyfin Jellyfin
CVE-2024-44250 - Shared CWE-269
CVE-2025-13542 - Shared CWE-269
CVE-2026-26369 - Shared CWE-269
CVE-2024-49742 - Shared CWE-269
CVE-2026-2631 - Shared CWE-269
CVE-2025-23208 - Shared CWE-269
CVE-2025-66374 - Shared CWE-269

References