CVE-2026-31852 Overview
CVE-2026-31852 is a critical arbitrary code execution vulnerability in the GitHub Actions workflow configuration of the Jellyfin iOS application repository. The code-quality.yml workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. This vulnerability exists in the CI/CD configuration rather than the application code itself.
Due to the workflow's elevated permissions (nearly all write permissions), successful exploitation enables devastating consequences including full repository takeover of jellyfin/jellyfin-ios, exfiltration of highly privileged secrets, Apple App Store supply chain attacks, GitHub Container Registry (ghcr.io) package poisoning, and complete Jellyfin organization compromise via cross-repository token usage.
Critical Impact
This vulnerability enables full supply chain compromise of the Jellyfin iOS application, potentially affecting all users who install or update the app through the Apple App Store. Attackers can inject malicious code into release builds without authentication.
Affected Products
- Jellyfin iOS (jellyfin/jellyfin-ios GitHub repository)
- GitHub Actions workflow code-quality.yml
- Jellyfin organization infrastructure via cross-repository token access
Discovery Timeline
- 2026-03-11 - CVE-2026-31852 published to NVD
- 2026-03-12 - Last updated in NVD database
Technical Details for CVE-2026-31852
Vulnerability Analysis
This vulnerability represents a CI/CD pipeline security flaw classified under CWE-269 (Improper Privilege Management). The code-quality.yml GitHub Actions workflow was configured to execute on pull request events from any source, including forked repositories, while retaining elevated write permissions across the repository.
When a workflow runs in the context of pull_request_target or similar triggers with improper checkout configurations, code from an untrusted fork can execute with the permissions of the base repository. In this case, the workflow possessed nearly all write permissions, creating a scenario where an attacker could submit a malicious pull request that would execute arbitrary code with full repository access.
The exploitation path is particularly severe because it enables:
- Repository Takeover: Full write access to the jellyfin/jellyfin-ios repository
- Secret Exfiltration: Access to GitHub secrets including deployment credentials and API keys
- Supply Chain Attack: Ability to modify release workflows and inject malicious code into App Store builds
- Container Registry Poisoning: Modification of images published to ghcr.io
- Organization Compromise: Cross-repository token usage could pivot to other Jellyfin repositories
Root Cause
The root cause is improper privilege management in the GitHub Actions workflow configuration. The code-quality.yml workflow was configured with excessive write permissions while accepting pull request triggers from untrusted sources (forked repositories). This combination violates the principle of least privilege and creates a path for arbitrary code execution in a privileged context.
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. An attacker can exploit this vulnerability by:
- Forking the jellyfin/jellyfin-ios repository
- Modifying the workflow or adding malicious scripts that execute during the workflow run
- Creating a pull request against the main repository
- The vulnerable workflow automatically executes the attacker's code with elevated privileges
- The attacker's code can then access repository secrets, modify repository contents, or perform any action permitted by the workflow's permissions
The vulnerability is exploited through GitHub's pull request mechanism. When the code-quality.yml workflow triggers on a pull request from a fork, it executes code controlled by the attacker while retaining the permissions configured in the workflow. This allows extraction of secrets via environment variables or API calls, and enables persistent access through repository modifications.
Detection Methods for CVE-2026-31852
Indicators of Compromise
- Unexpected pull requests from unknown forked repositories that trigger workflow runs
- Workflow execution logs showing unusual commands or network connections
- Unauthorized modifications to repository files, especially workflow configurations
- Secret usage patterns indicating exfiltration (API calls to external endpoints)
- Unexpected container image pushes to ghcr.io/jellyfin/*
Detection Strategies
- Audit GitHub Actions workflow runs for pull requests from forked repositories with elevated permissions
- Monitor for workflow configuration changes in the .github/workflows/ directory
- Review GitHub audit logs for repository admin actions and secret access patterns
- Implement branch protection rules requiring approval before workflow execution
- Deploy SIEM rules to alert on GitHub webhook events indicating suspicious workflow activity
Monitoring Recommendations
- Enable GitHub Advanced Security features for workflow analysis
- Configure alerts for workflow runs triggered by external contributors
- Monitor container registry push events for unauthorized image modifications
- Review deployment logs for the Apple App Store submission pipeline
- Implement runtime security monitoring on workflow runners to detect malicious activity
How to Mitigate CVE-2026-31852
Immediate Actions Required
- Review and audit all GitHub Actions workflows in the jellyfin/jellyfin-ios repository
- Rotate all secrets and tokens that may have been accessible to compromised workflows
- Verify integrity of recent releases and container images
- Enable branch protection requiring approval for workflow runs from forks
- Audit organization-level access tokens for potential cross-repository abuse
Patch Information
The Jellyfin maintainers have addressed this vulnerability through a workflow configuration update. This fix modifies the code-quality.yml workflow to remove dangerous permission configurations and properly restrict execution contexts for pull requests from forked repositories.
This is a configuration vulnerability, not a code vulnerability. End users do not need to take any action—the fix has been applied to the repository's CI/CD configuration. Repository administrators should verify the patch has been applied by confirming commit 109217e75f38394b2f6e46e25dfe5a721203d3c8 is present.
For additional details, refer to the GitHub Security Advisory GHSA-7qhm-2m45-7fmh.
Workarounds
- Disable pull_request_target triggers or switch to pull_request which runs in the context of the fork
- Remove write permissions from workflows that process untrusted input
- Require manual approval for all workflow runs triggered by external contributors
- Use GitHub's permissions key to explicitly restrict workflow permissions to read-only where possible
- Implement separate workflows for trusted and untrusted contribution contexts
# Example: Restricting workflow permissions in GitHub Actions
# Add this to the workflow file to minimize permissions
permissions:
contents: read
pull-requests: read
# Avoid write permissions for workflows triggered by forks
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
