Vulnerability in Xygeni Xygeni-action
CVE-2026-31976
xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blo…
EPSS: 0.001 (25.2th percentile)
Affected products
- Xygeni Xygeni-action — versions >= March 3, 2026, <= March 10, 2026
Weakness classification (CWE)
References
- https://github.com/xygeni/xygeni-action/security/advisories/GHSA-f8q5-h5qh-33mh (x_refsource_CONFIRM)
- https://github.com/xygeni/xygeni-action/issues/54 (x_refsource_MISC)