Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
CVE-2026-31976 is a critical severity vulnerability with a CVSS score of 9.8. No known exploits currently, and patches are available.
Very low probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch.
However, the attacker used the compromised GitHub App credentials to move the mutable v5 tag to point at the malicious commit (4bf1d4e19ad81a3e8d4063755ae0f482dd3baf12) from one of the unmerged PRs. This commit remained in the repository's git object store, and any workflow referencing @v5 would fetch and execute it.
The malicious code, disguised as a "scanner version telemetry" step, operates as follows:
91.214.78.178 (via security-verify.91.214.78.178.nip.io), transmitting hostname, username, and OS version.eval.The implant runs silently in the background alongside the legitimate scan, suppresses all errors, skips TLS certificate verification, and uses randomized polling intervals to evade detection.
This is a supply chain compromise via tag poisoning. Any GitHub Actions workflow referencing xygeni/xygeni-action@v5 during the affected window (approximately March 3–10, 2026) executed a C2 implant that granted the attacker arbitrary command execution on the CI runner for up to 180 seconds per workflow run.
The severity is set to Critical based on the potential impact. However, several factors reduce the realized risk: the v5 tag was primarily referenced by Xygeni-owned and Xygeni-affiliated repositories; no external public repositories were found using the compromised tag (though usage in private repositories cannot be ruled out); the exposure window was approximately 6 days; and no confirmed exploitation of downstream users has been established to date.
The compromised v5 tag has been removed from the repository. Users should update their workflows to pin to the verified safe commit SHA corresponding to v6.4.0:
| Vendor | Product |
|---|---|
| Xygeni | Xygeni Action |
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.
uses: xygeni/xygeni-action@13c6ed2797df7d85749864e2cbcf09c893f43b23 # v6.4.0
Workflows still referencing @v5 will fail with a reference not found error, as the tag no longer exists.
If your workflows ran with @v5 during the affected window, you should also:
91.214.78.178 or DNS lookups for security-verify.91.214.78.178.nip.io.As an alternative to using the GitHub Action, you may install and run the Xygeni scanner directly via the CLI installation method documented at https://docs.xygeni.io/xygeni-scanner-cli/xygeni-cli-overview/xygeni-cli-installation. This bypasses the GitHub Action entirely and is not affected by this incident.