CVE-2026-31900
Published 2026-03-11
Priority P2 · 61 · critical · 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.46% (36.5th percentile)
Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. This could lead to arbitrary code execution in the context of the GitHub Action. Attackers could then gain access to secrets or permissions available in the context of the action. Version 26.3.0 fixes this vulnerability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | black | — | — |
| psf | black | < 26.3.0 | 26.3.0 |
| psf | black | >= 0 < 26.3.0 | 26.3.0 |
| python | black | < 26.3.0 | 26.3.0 |
Detection & IOCs (extracted from sources)
- Monitor GitHub Action runs where `use_pyproject: true` is set for Black; inspect `pyproject.toml` in pull requests for direct URL references (PEP 440 URL requirements, e.g. `black @ https://...`) pointing to unexpected or external repositories.
- Alert on GitHub Actions workflows that invoke the Black formatter action with the `use_pyproject: true` option, as this enables the vulnerable code path that reads the Black version/source from `pyproject.toml`.
- Treat arbitrary code execution risk as high in this context: a successful exploit grants the attacker access to all secrets and permissions available to the GitHub Actions runner.
- The vulnerability is only exploitable when the Black GitHub Action is configured with `use_pyproject: true`; workflows not using this option are not affected.
- The fix is available in Black version 26.3.0; all prior versions using the vulnerable action option should be upgraded.
- Debian distributions (bookworm, bullseye, forky, sid, trixie) all remain open/unpatched as of the Debian security tracker entry.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| OSV | — | 8.7 | HIGH | — |
| Debian (vendor) | — | 8.7 | LOW | — |
OSV
CVE-2026-31900: Black is the uncompromising Python code formatter (osv · 2026-03-11 · CVSS 8.7 · HIGH)
GHSA
Black's vulnerable version parsing leads to RCE in GitHub Action (ghsa · 2026-03-07 · HIGH · CWE-20)
### Impact
Black provides a [GitHub action](https://black.readthedocs.io/en/stable/integrations/github_actions.html) for formatting code. This action supports an option, `use_pyproject: true`, for reading the version of Black to use from the repository `pyproject.toml`. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. This could lead to arbitrary code execution in the context of the GitHub Action. Attackers could then gain access to secrets or permissions available in the context of the action.
### Patches
Version 26.3.0 fixes this vulnerability by tightening the validation of the `version` field. Users who use the GitHub Action as `psf/black@stable` will automati
Debian
CVE-2026-31900: black (vendor_debian · 2026 · CVSS 8.7 · HIGH)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.