Cyber Posture

CVE-2026-31976

Critical

Published: 11 March 2026

Published
11 March 2026
Modified
16 March 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0008 24.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-31976 is a critical-severity Embedded Malicious Code (CWE-506) vulnerability in Xygeni Xygeni-Action. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Dependencies and Development Tools (T1195.001); ranked at the 24.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-7 (Software, Firmware, and Information Integrity) and SR-11 (Component Authenticity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Compromise Software Dependencies and Development Tools (T1195.001) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SR-11 Component Authenticity good match
prevent

Requires verification of component authenticity prior to use, directly preventing execution of the maliciously poisoned v5 tag in GitHub Actions workflows.

SI-7 Software, Firmware, and Information Integrity good match
prevent

Enforces integrity checks such as cryptographic hashes or SHA pinning on fetched software components, blocking the tampered action.yml from the malicious commit.

SR-4 Provenance good match
preventdetect

Maintains a provenance ledger to trace the origin of the v5 tag to the unmerged malicious PR commit, enabling prevention or detection of the supply chain compromise.

MITRE ATT&CK Enterprise TechniquesAI

T1195.001 Compromise Software Dependencies and Development Tools Initial Access
Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

CVE directly describes compromise of GitHub Action (development tool/dependency) via tag poisoning to deliver obfuscated shell code, enabling RCE on CI runners through Unix shell execution in workflows.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blocked by branch…

more

protection rules and never merged into the main branch. However, the attacker used the compromised GitHub App credentials to move the mutable v5 tag to point at the malicious commit (4bf1d4e19ad81a3e8d4063755ae0f482dd3baf12) from one of the unmerged PRs. This commit remained in the repository's git object store, and any workflow referencing @v5 would fetch and execute it. This is a supply chain compromise via tag poisoning. Any GitHub Actions workflow referencing xygeni/xygeni-action@v5 during the affected window (approximately March 3–10, 2026) executed a C2 implant that granted the attacker arbitrary command execution on the CI runner for up to 180 seconds per workflow run.

Deeper analysisAI

CVE-2026-31976 is a supply chain compromise vulnerability affecting the xygeni-action GitHub Action, specifically the mutable v5 tag of the xygeni/xygeni-action repository. On March 3, 2026, an attacker with compromised credentials created pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. Although branch protection rules prevented these PRs from merging into the main branch, the attacker used compromised GitHub App credentials to retag the v5 reference to point at the malicious commit (4bf1d4e19ad81a3e8d4063755ae0f482dd3baf12), which persisted in the repository's git object store. This tag poisoning (CWE-506) enabled remote code execution for any GitHub Actions workflow referencing xygeni/xygeni-action@v5, with a CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Any GitHub Actions workflow referencing xygeni/xygeni-action@v5 between approximately March 3 and March 10, 2026, would fetch and execute the malicious commit, deploying a command-and-control (C2) implant. This granted the attacker arbitrary command execution on the affected CI runner for up to 180 seconds per workflow run, allowing potential data exfiltration, persistence, or further compromise of the runner environment. Exploitation required no privileges beyond public access to the action, targeting users of the xygeni-action in their workflows.

Mitigation details are available in the GitHub security advisory (GHSA-f8q5-h5qh-33mh) and issue tracker (#54) at https://github.com/xygeni/xygeni-action/security/advisories/GHSA-f8q5-h5qh-33mh and https://github.com/xygeni/xygeni-action/issues/54, published following the incident detection on March 11, 2026.

Details

CWE(s)
CWE-506

Affected Products

xygeni
xygeni-action
5.38.0 — 6.4.0

CVEs Like This One

CVE-2025-54313Shared CWE-506
CVE-2025-30154Shared CWE-506
CVE-2026-33634Shared CWE-506
CVE-2025-59374Shared CWE-506
CVE-2025-30066Shared CWE-506
CVE-2026-34424Shared CWE-506
CVE-2026-34841Shared CWE-506
CVE-2026-6443Shared CWE-506

References