Cyber Resilience

CVE-2026-31900

High

Published: 11 March 2026
Modified: 16 March 2026
CVSS v4 score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0046 (36.4th percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-31900 is a high-severity Improper Input Validation (CWE-20) vulnerability in Python Black. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Supply Chain (T1195.002). The vulnerability is ranked at the 36.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-31900 is a high-severity vulnerability in the GitHub Action provided by Black, an uncompromising Python code formatter. The issue arises when the action is configured with the `use_pyproject: true` option, which reads the Black version from the repository's `pyproject.toml` file. A malicious actor can exploit this by submitting a pull request that modifies `pyproject.toml` to reference a direct URL pointing to a malicious repository, potentially leading to arbitrary code execution within the GitHub Action's context.

The vulnerability can be exploited by any unauthenticated attacker with the ability to submit a pull request to a target repository using the affected Black GitHub Action. No special privileges, user interaction, or complex setup is required, as indicated by the CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation grants the attacker arbitrary code execution in the action's runner environment, enabling access to any secrets or permissions configured for that workflow, such as repository tokens or deployment credentials.

The Black project addressed this in version 26.3.0, as detailed in the security advisory (GHSA-v53h-f6m7-xcgm) and corresponding commit (0a2560b981364dde4c8cf8ce9d164c40669a8611). Security practitioners should update to Black 26.3.0 or later, disable the `use_pyproject: true` option in workflows, and review pull request workflows for supply chain risks, particularly in repositories relying on dynamic dependency resolution from untrusted sources.

Vulnerability details

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, `use_pyproject: true`, for reading the version of Black to use from the repository `pyproject.toml`. A malicious pull request could edit `pyproject.toml` to use a direct URL reference to a malicious repository. This could lead to arbitrary code execution in the context of the GitHub Action. Attackers could then gain access to secrets or permissions available in the context of the action. Version 26.3.0 fixes this vulnerability.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1195.002 Compromise Software Supply Chain (Initial Access)
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.

T1677 Poisoned Pipeline Execution (Execution)
Adversaries may manipulate continuous integration / continuous development (CI/CD) processes by injecting malicious code into the build process.

Why these techniques?

The vulnerability enables supply chain compromise by modifying pyproject.toml in a pull request to reference malicious code repositories, leading to poisoned pipeline execution in GitHub Actions.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32274: same product (Python Black)
CVE-2026-5271: same vendor (Python)
CVE-2026-44432: same vendor (Python)
CVE-2026-21441: same vendor (Python)
CVE-2025-29814: shared CWE-20
CVE-2026-21864: shared CWE-20
CVE-2026-22862: shared CWE-20
CVE-2025-1022: shared CWE-20
CVE-2025-48913: shared CWE-20
CVE-2026-8000: shared CWE-20

Affected Assets

Vendor: python
Product: black
Versions: ≤ 26.3.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Timely remediation by updating the Black GitHub Action to version 26.3.0 or later directly eliminates the vulnerability that allows malicious `pyproject.toml` edits to enable arbitrary code execution.

Prevent: Establishing secure configuration settings in GitHub workflows to disable `use_pyproject` or pin approved Black versions prevents pull requests from injecting malicious repository URLs.

Prevent: Verifying the integrity and authenticity of Black software components prior to execution in the GitHub Action blocks malicious code fetched from tampered direct URLs in `pyproject.toml`.
