GHSA-F8Q5-H5QH-33MH

Vulnerability from github – Published: 2026-03-11 22:18 – Updated: 2026-03-11 22:18
VLAI?
Summary
xygeni-action v5 tag poisoned with C2 backdoor
Details

Description

On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch.

However, the attacker used the compromised GitHub App credentials to move the mutable v5 tag to point at the malicious commit (4bf1d4e19ad81a3e8d4063755ae0f482dd3baf12) from one of the unmerged PRs. This commit remained in the repository's git object store, and any workflow referencing @v5 would fetch and execute it.

The malicious code, disguised as a "scanner version telemetry" step, operates as follows:

  1. Registers the CI runner with a C2 server at 91.214.78.178 (via security-verify.91.214.78.178.nip.io), transmitting hostname, username, and OS version.
  2. Polls the C2 server every 2–7 seconds for 180 seconds, receiving and executing arbitrary shell commands via eval.
  3. Compresses and base64-encodes command output before exfiltrating it back to the C2 server.

The implant runs silently in the background alongside the legitimate scan, suppresses all errors, skips TLS certificate verification, and uses randomized polling intervals to evade detection.

Impact

This is a supply chain compromise via tag poisoning. Any GitHub Actions workflow referencing xygeni/xygeni-action@v5 during the affected window (approximately March 3–10, 2026) executed a C2 implant that granted the attacker arbitrary command execution on the CI runner for up to 180 seconds per workflow run.

The severity is set to Critical based on the potential impact. However, several factors reduce the realized risk: the v5 tag was primarily referenced by Xygeni-owned and Xygeni-affiliated repositories; no external public repositories were found using the compromised tag (though usage in private repositories cannot be ruled out); the exposure window was approximately 6 days; and no confirmed exploitation of downstream users has been established to date.

Patches

The compromised v5 tag has been removed from the repository. Users should update their workflows to pin to the verified safe commit SHA corresponding to v6.4.0:

uses: xygeni/xygeni-action@13c6ed2797df7d85749864e2cbcf09c893f43b23 # v6.4.0

Workflows still referencing @v5 will fail with a reference not found error, as the tag no longer exists.

If your workflows ran with @v5 during the affected window, you should also:

  • Rotate all secrets that were available to the CI runner (repository secrets, environment secrets, deploy keys, cloud provider tokens).
  • Audit CI logs for outbound connections to 91.214.78.178 or DNS lookups for security-verify.91.214.78.178.nip.io.
  • Review recent releases and published artifacts for signs of tampering.

Workarounds

As an alternative to using the GitHub Action, you may install and run the Xygeni scanner directly via the CLI installation method documented at https://docs.xygeni.io/xygeni-scanner-cli/xygeni-cli-overview/xygeni-cli-installation. This bypasses the GitHub Action entirely and is not affected by this incident.

References

  • GitHub issue: https://github.com/xygeni/xygeni-action/issues/54
  • Xygeni incident blog post: (URL to be added upon publication)
Severity ?
9.3 (Critical)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "GitHub Actions",
        "name": "xygeni/xygeni-action"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5"
            },
            {
              "fixed": "6.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-31976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-506"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-11T22:18:44Z",
    "nvd_published_at": "2026-03-11T20:16:17Z",
    "severity": "CRITICAL"
  },
  "details": "### Description\n\nOn March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into `action.yml`. The PRs were blocked by branch protection rules and never merged into the main branch.\n\nHowever, the attacker used the compromised GitHub App credentials to move the mutable `v5` tag to point at the malicious commit (`4bf1d4e19ad81a3e8d4063755ae0f482dd3baf12`) from one of the unmerged PRs. This commit remained in the repository\u0027s git object store, and any workflow referencing `@v5` would fetch and execute it.\n\nThe malicious code, disguised as a \"scanner version telemetry\" step, operates as follows:\n\n1. Registers the CI runner with a C2 server at `91.214.78.178` (via `security-verify.91.214.78.178.nip.io`), transmitting hostname, username, and OS version.\n2. Polls the C2 server every 2\u20137 seconds for 180 seconds, receiving and executing arbitrary shell commands via `eval`.\n3. Compresses and base64-encodes command output before exfiltrating it back to the C2 server.\n\nThe implant runs silently in the background alongside the legitimate scan, suppresses all errors, skips TLS certificate verification, and uses randomized polling intervals to evade detection.\n\n### Impact\n\nThis is a supply chain compromise via tag poisoning. Any GitHub Actions workflow referencing `xygeni/xygeni-action@v5` during the affected window (approximately March 3\u201310, 2026) executed a C2 implant that granted the attacker arbitrary command execution on the CI runner for up to 180 seconds per workflow run.\n\nThe severity is set to Critical based on the potential impact. However, several factors reduce the realized risk: the `v5` tag was primarily referenced by Xygeni-owned and Xygeni-affiliated repositories; no external public repositories were found using the compromised tag (though usage in private repositories cannot be ruled out); the exposure window was approximately 6 days; and no confirmed exploitation of downstream users has been established to date.\n\n### Patches\n\nThe compromised `v5` tag has been removed from the repository. Users should update their workflows to pin to the verified safe commit SHA corresponding to v6.4.0:\n\n```yaml\nuses: xygeni/xygeni-action@13c6ed2797df7d85749864e2cbcf09c893f43b23 # v6.4.0\n```\n\nWorkflows still referencing `@v5` will fail with a reference not found error, as the tag no longer exists.\n\nIf your workflows ran with `@v5` during the affected window, you should also:\n\n- Rotate all secrets that were available to the CI runner (repository secrets, environment secrets, deploy keys, cloud provider tokens).\n- Audit CI logs for outbound connections to `91.214.78.178` or DNS lookups for `security-verify.91.214.78.178.nip.io`.\n- Review recent releases and published artifacts for signs of tampering.\n\n\n### Workarounds\n\nAs an alternative to using the GitHub Action, you may install and run the Xygeni scanner directly via the CLI installation method documented at https://docs.xygeni.io/xygeni-scanner-cli/xygeni-cli-overview/xygeni-cli-installation. This bypasses the GitHub Action entirely and is not affected by this incident.\n\n### References\n\n- GitHub issue: https://github.com/xygeni/xygeni-action/issues/54\n- Xygeni incident blog post: (URL to be added upon publication)",
  "id": "GHSA-f8q5-h5qh-33mh",
  "modified": "2026-03-11T22:18:44Z",
  "published": "2026-03-11T22:18:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xygeni/xygeni-action/security/advisories/GHSA-f8q5-h5qh-33mh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31976"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xygeni/xygeni-action/issues/54"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xygeni/xygeni-action"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "xygeni-action v5 tag poisoned with C2 backdoor"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.