CVE-2026-31900: CWE-20: Improper Input Validation in psf black
Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. This could lead to arbitrary code execution in the context of the GitHub Action. Attackers could then gain access to secrets or permissions available in the context of the action. Version 26.3.0 fixes this vulnerability.
AI Analysis
Technical Summary
CVE-2026-31900 is a vulnerability identified in the Python code formatter Black, maintained by the Python Software Foundation (psf). Black offers a GitHub Action for automated code formatting, which supports an option 'use_pyproject: true' to determine the Black version from the repository's pyproject.toml configuration file. The vulnerability stems from improper input validation (CWE-20) allowing a malicious actor to craft a pull request that modifies pyproject.toml to reference a malicious repository URL. When the GitHub Action runs, it fetches and executes code from this untrusted source, leading to arbitrary code execution within the GitHub Actions environment. This environment often has elevated permissions and access to repository secrets, enabling attackers to exfiltrate sensitive information or perform unauthorized operations. The vulnerability affects all Black versions prior to 26.3.0, which includes many active development environments relying on automated formatting workflows. The CVSS 4.0 base score is 8.7 (high), reflecting the network attack vector, low attack complexity, no privileges or user interaction required, and high impacts on confidentiality, integrity, and availability. The vulnerability was published on March 11, 2026, and no known exploits have been reported in the wild yet. The fix involves validating and restricting the source of the Black version to trusted repositories and disallowing arbitrary URL references in pyproject.toml when used in GitHub Actions.
Potential Impact
This vulnerability poses a significant risk to organizations using Black in their continuous integration and deployment pipelines, especially those leveraging GitHub Actions with the 'use_pyproject: true' option enabled. Exploitation can lead to arbitrary code execution within the CI environment, potentially compromising the build process and allowing attackers to access repository secrets such as API keys, tokens, and credentials. This can result in unauthorized access to source code, deployment environments, and other integrated systems. The integrity of the software development lifecycle is at risk, as attackers could inject malicious code or disrupt automated workflows. The availability of CI/CD pipelines may also be affected if malicious code causes failures or resource exhaustion. Given the widespread use of Black in Python projects and GitHub Actions in modern development workflows, the scope of affected systems is broad, impacting software development teams globally. Organizations that do not promptly update to version 26.3.0 or implement mitigations remain vulnerable to potential attacks that could lead to data breaches, intellectual property theft, and operational disruptions.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately upgrade Black to version 26.3.0 or later in all environments where it is used, particularly in GitHub Actions workflows. Review and restrict the use of the 'use_pyproject: true' option to trusted repositories only, or disable it if not essential. Implement strict branch protection rules and pull request review policies to prevent untrusted contributors from modifying pyproject.toml files. Use GitHub Actions secrets and environment protection rules to limit the scope of accessible credentials during workflows. Employ dependency scanning and code analysis tools to detect unauthorized changes to configuration files. Additionally, consider isolating CI environments and limiting permissions granted to GitHub Actions to the minimum necessary. Monitor CI/CD logs for unusual activity and audit repository changes regularly. Educate development teams about the risks of supply chain attacks and the importance of validating third-party code sources.
Affected Countries
United States, Germany, United Kingdom, Canada, France, Australia, Japan, Netherlands, Sweden, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-09T21:59:02.689Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69b1c6312f860ef9436c35dc
Added to database: 3/11/2026, 7:44:49 PM
Last enriched: 3/19/2026, 2:14:36 AM
Last updated: 4/28/2026, 7:21:15 AM