CVE-2026-31976P2CRITICALCVSS 9.8≥ 5.38.0, ≤ 6.4.0·v>= March 3, 2026, <= March 10, 20262026-03-11
CVE-2026-31976 [CRITICAL] CWE-506 CVE-2026-31976: xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to
xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the compromis
ghsanvd