CVE-2026-31852
Status: Received - Intake
Arbitrary Code Execution via GitHub Actions in Jellyfin-iOS

Publication date: 2026-03-11

Last updated on: 2026-03-20

Assigner: GitHub, Inc.

Description
Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly all write permissions), this vulnerability enables full repository takeover of jellyfin/jellyfin-ios, exfiltration of highly privileged secrets, Apple App Store supply chain attack, GitHub Container Registry (ghcr.io) package poisoning, and full jellyfin organization compromise via cross-repository token usage. Note: This is not a code vulnerability, but a vulnerability in the GitHub Actions workflows. No new version is required for this GHSA and end users do not need to take any actions.
Meta Information
Published: 2026-03-11
Last Modified: 2026-03-20
Generated: 2026-05-07
AI Q&A: 2026-03-11
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor: jellyfin
Product: jellyfin
Version / Range: *
CWE
CWE-269: The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in CVE-2026-31852 affects the GitHub Actions workflow file `code-quality.yml` in the `jellyfin/jellyfin-ios` repository. It allows arbitrary code execution triggered by pull requests from forked repositories due to the workflow's excessive permissions, which include nearly all write capabilities.

This means that an attacker can execute malicious code within the workflow environment, leading to severe consequences such as full takeover of the repository, exfiltration of privileged secrets, supply chain attacks on the Apple App Store, poisoning of packages in the GitHub Container Registry, and even full compromise of the Jellyfin organization through misuse of cross-repository tokens.

Importantly, this vulnerability is not due to a flaw in the application code itself but arises from insecure configuration of the GitHub Actions workflows. [1]


How can this vulnerability impact me?

This vulnerability can have critical impacts including:

  • Complete takeover of the `jellyfin/jellyfin-ios` repository.
  • Exfiltration of highly privileged secrets such as bot tokens and Apple App Store Connect API credentials.
  • Apple App Store supply chain attacks, which could allow malicious updates to iOS apps.
  • Poisoning of packages in the GitHub Container Registry (`ghcr.io`).
  • Full compromise of the Jellyfin organization through cross-repository token misuse.

The vulnerability has a critical CVSS score of 10.0, indicating it is easy to exploit remotely without any privileges or user interaction, and can lead to high confidentiality, integrity, and availability impacts.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability arises from the GitHub Actions workflow configuration in the jellyfin/jellyfin-ios repository, specifically the code-quality.yml workflow that runs with elevated permissions and is triggered by pull requests from forked repositories.

Detection involves reviewing the GitHub Actions workflows in your repository to identify if the code-quality.yml workflow or similar workflows are configured to run with excessive permissions, especially if they use the pull_request_target event or allow arbitrary code execution from forked pull requests.

Since this is a workflow configuration issue rather than a network or system vulnerability, traditional network commands or system scans will not detect it.

To detect if your repository is vulnerable, you can manually inspect the workflow files in the .github/workflows directory for the presence of the code-quality.yml workflow or similar workflows that run with write permissions and are triggered by pull requests from forks.

No specific commands are provided in the resources for automated detection on your network or system.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the GitHub Actions workflows to remove or restrict the use of the pull_request_target event that allows arbitrary code execution from forked pull requests.

Specifically, the code-quality.yml workflow should be modified to reduce permissions, avoid running with nearly all write permissions, and replace the pull_request_target trigger with pull_request where appropriate.

Additionally, all relevant secrets such as JF_BOT_TOKEN and Apple App Store Connect API credentials must be rotated to prevent misuse from any previously compromised tokens.

The jellyfin/jellyfin-ios repository has already updated its workflows to modularize and secure the CI process, as seen in the separation of SonarCloud analysis into a distinct workflow with reduced permissions.

No new software version is required; mitigation relies solely on patched CI workflows and secret rotation.
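The detection answer above says to inspect `.github/workflows` for workflows that run with write permissions and are triggered by pull requests from forks, and the mitigation answer says to drop `pull_request_target` in favour of `pull_request` and cut the token's permissions. The Python script below is an added example, not code from this page or from the Jellyfin project: it embeds a constructed workflow with the three properties the advisory describes (hypothetical, not the real `code-quality.yml`) next to a hardened version of the same job, and audits both with line-based heuristics. `audit_repo` assumes a local checkout whose workflows live in the standard `.github/workflows` directory.

```python
import re
from pathlib import Path
from typing import Dict, List

# Constructed sample, NOT the real jellyfin-ios code-quality.yml: a workflow with
# the three properties the advisory describes (privileged trigger, checkout of
# the fork's head, broad write permissions).
VULNERABLE_WORKFLOW = """\
name: Code Quality
on:
  pull_request_target:
    branches: [main]
permissions: write-all
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: ./scripts/lint.sh
"""

# The same job after the mitigation the page describes: pull_request instead of
# pull_request_target, a read-only token, and the default (merge ref) checkout.
HARDENED_WORKFLOW = """\
name: Code Quality
on:
  pull_request:
    branches: [main]
permissions:
  contents: read
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/lint.sh
"""

# Line-based heuristics (no YAML parser required). They cover the common
# spellings of each setting, not every possible YAML layout.
PR_TARGET_RE = re.compile(
    r"^\s*pull_request_target\s*:"                   # on:\n  pull_request_target:
    r"|^\s*on:\s*pull_request_target\s*$"            # on: pull_request_target
    r"|^\s*on:\s*\[[^\]]*\bpull_request_target\b",   # on: [push, pull_request_target]
    re.M,
)
HEAD_REF_RE = re.compile(
    r"^\s*ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}", re.M
)
WRITE_ALL_RE = re.compile(r"^\s*permissions:\s*write-all\s*$", re.M)
PERMISSIONS_RE = re.compile(r"^\s*permissions\s*:", re.M)
# Permission scope names GitHub accepts under `permissions:`.
SCOPES = ("actions", "attestations", "checks", "contents", "deployments",
          "discussions", "id-token", "issues", "packages", "pages",
          "pull-requests", "repository-projects", "security-events", "statuses")
SCOPE_WRITE_RE = re.compile(
    r"^\s+(" + "|".join(re.escape(s) for s in SCOPES) + r")\s*:\s*write\s*$", re.M
)


def audit_workflow(text: str) -> List[str]:
    """Return human-readable findings for one workflow file's contents."""
    findings: List[str] = []
    if PR_TARGET_RE.search(text):
        findings.append("trigger: pull_request_target runs with the base repository's secrets")
    if HEAD_REF_RE.search(text):
        findings.append("checkout: ref is the pull request head, i.e. fork-controlled code")
    if WRITE_ALL_RE.search(text):
        findings.append("permissions: write-all")
    else:
        scopes = sorted({m.group(1) for m in SCOPE_WRITE_RE.finditer(text)})
        if scopes:
            findings.append("permissions: write on " + ", ".join(scopes))
        elif not PERMISSIONS_RE.search(text):
            findings.append("permissions: not declared, GITHUB_TOKEN gets the repository default")
    return findings


def is_fork_exploitable(findings: List[str]) -> bool:
    """The advisory's pattern: fork-controlled code executes inside a privileged
    run. Both the privileged trigger and the fork-head checkout must be present;
    the permissions finding then tells you how much a successful run could do."""
    has_trigger = any(f.startswith("trigger:") for f in findings)
    has_head = any(f.startswith("checkout:") for f in findings)
    return has_trigger and has_head


def audit_repo(repo_root: str) -> Dict[str, List[str]]:
    """Audit every *.yml / *.yaml file under <repo_root>/.github/workflows."""
    results: Dict[str, List[str]] = {}
    for path in sorted(Path(repo_root, ".github", "workflows").glob("*.y*ml")):
        findings = audit_workflow(path.read_text(encoding="utf-8"))
        if findings:
            results[path.name] = findings
    return results


if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        found = audit_workflow(wf)
        print(f"{label}: exploitable from a fork = {is_fork_exploitable(found)}")
        for item in found:
            print("  -", item)
```

Run it against a checkout with `audit_repo("/path/to/repo")`; any file that comes back as fork-exploitable deserves the same treatment the page describes for `code-quality.yml`: switch the trigger, declare the minimum `permissions`, and rotate any secrets (such as `JF_BOT_TOKEN`) that workflow could read. The heuristics are a starting point for manual review, not a YAML parser, so a workflow that injects fork content some other way (for example by running a script from the PR without an explicit `ref:`) still needs a human look.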

