A supply chain attack compromised the elementary-data PyPI package (v0.23.3), a dbt-native data observability CLI with over 1 million monthly downloads. The attacker exploited a GitHub Actions script injection vulnerability: a crafted PR comment was interpolated, unsanitized, through a `${{ github.event.comment.body }}` expression inside a workflow `run:` block. Because the runner expands such expressions into the script text before the shell executes it, any quoting in the script offers no protection, and the comment body ran as arbitrary code on the runner. Using the stolen `GITHUB_TOKEN`, the attacker forged a release commit, tagged it v0.23.3, and triggered the legitimate CI/CD pipeline to publish the malicious package. The payload, embedded in a `.pth` file so that it executes automatically at Python interpreter startup, stole dbt profiles, cloud provider credentials (AWS, GCP, Azure), SSH keys, Kubernetes configs, package manager tokens, and more, and exfiltrated everything to a command-and-control (C2) server. The attack window was roughly 8–10 hours (April 24–25, 2026). Remediation steps include upgrading to v0.23.4, rotating all exposed credentials, auditing GitHub Actions workflows, and switching to PyPI Trusted Publishers with short-lived OIDC tokens.
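To make the injection concrete and auditable, here is an added example, not code from the Snyk post or from the elementary project: a small Python checker that finds `${{ }}` expressions interpolated into `run:` scripts, run over a constructed vulnerable workflow and its hardened form, which moves the comment body into an environment variable so the shell receives it as data rather than as script text. The `UNTRUSTED` pattern is an assumption covering a subset of the event fields GitHub documents as attacker-controlled; `audit_repo` and the two sample workflows are hypothetical.

```python
"""Static audit for GitHub Actions script injection: a ${{ ... }} expression
expanded directly inside a run: script. Added example; hypothetical code."""
import glob
import os
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Event fields GitHub documents as attacker-controlled (subset; an assumption).
# Any other expression inside a run: script still gets a "review" verdict.
UNTRUSTED = re.compile(
    r"^github\.(head_ref|event\.("
    r"comment\.body|issue\.(title|body)|pull_request\.(title|body|head\.(ref|label))"
    r"|review\.body|review_comment\.body|head_commit\.message|commits\.[^.]+\.message"
    r"|discussion\.(title|body)|workflow_run\.(head_branch|head_commit\.message)))$"
)
EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")


@dataclass
class Finding:
    line: int          # 1-based line in the workflow file
    expression: str    # contents of the ${{ }} expression
    severity: str      # "high" for a known untrusted field, else "review"


def run_scripts(text: str) -> Iterator[Tuple[int, str]]:
    """Yield (first_line_number, script) for every run: step.

    Handles inline scalars ("run: echo hi") and block scalars ("run: |");
    a block body is every following line indented deeper than the run key.
    """
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        key_col = len(m.group(1)) + len(m.group(2) or "")
        rest = m.group(3)
        if rest[:1] in ("|", ">"):
            j = i + 1
            body: List[str] = []
            while j < len(lines) and (
                not lines[j].strip() or len(lines[j]) - len(lines[j].lstrip()) > key_col
            ):
                body.append(lines[j])
                j += 1
            yield i + 2, "\n".join(body)   # body starts on the line after "run: |"
            i = j
        else:
            yield i + 1, rest
            i += 1


def audit(text: str) -> List[Finding]:
    """Return every ${{ }} expression interpolated into a run: script."""
    findings = []
    for first_line, script in run_scripts(text):
        for offset, line in enumerate(script.splitlines()):
            for expr in EXPR.findall(line):
                sev = "high" if UNTRUSTED.match(expr) else "review"
                findings.append(Finding(first_line + offset, expr, sev))
    return findings


def audit_repo(repo: str) -> dict:
    """Audit every workflow under .github/workflows of a checkout (hypothetical helper)."""
    pattern = os.path.join(repo, ".github", "workflows", "*.y*ml")
    return {p: audit(open(p, encoding="utf-8").read()) for p in sorted(glob.glob(pattern))}


# Constructed sample: the comment body is spliced into the shell script.
VULNERABLE = """\
name: pr-comment
on:
  issue_comment:
    types: [created]
jobs:
  handle:
    runs-on: ubuntu-latest
    steps:
      - name: Echo comment
        run: |
          echo "Comment was: ${{ github.event.comment.body }}"
      - run: echo "PR #${{ github.event.issue.number }}"
"""

# Constructed hardened form: the expression lands in an env var, never in script text.
HARDENED = """\
name: pr-comment
on:
  issue_comment:
    types: [created]
jobs:
  handle:
    runs-on: ubuntu-latest
    steps:
      - name: Echo comment
        env:
          COMMENT: ${{ github.event.comment.body }}
        run: |
          echo "Comment was: $COMMENT"
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, [(f.line, f.expression, f.severity) for f in audit(wf)])
```

The vulnerable workflow yields a high finding on line 11 (`github.event.comment.body`) and a review finding on line 12 (`github.event.issue.number`, a numeric field and harmless here, but still worth a look); the hardened one yields nothing. The env-var form works because the runner expands the expression into the variable's value, and the shell then reads `$COMMENT` as a string rather than re-parsing it as script, so quotes, semicolons and backticks in the comment stay inert.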
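Since the payload rode in on a `.pth` file, the practical "am I affected" check is to enumerate the `.pth` files the interpreter will execute at startup. The following is an added example, not code from the Snyk post or the elementary project: it lists every `.pth` line that `site.py` would `exec()` (lines beginning with `import`) across the site-packages directories, and marks those that also show obfuscation or network tell-tales. The `SUSPICIOUS` pattern and the sample `.pth` content are constructed assumptions, not the real payload.

```python
"""Enumerate .pth lines that execute code at Python startup.
Added example; not from the Snyk post or the elementary project."""
import os
import re
import site
import sysconfig
from typing import Dict, List

# site.py exec()s every .pth line that begins with "import" followed by a space
# or tab; other non-comment lines are plain sys.path entries. Legitimate import
# hooks exist (e.g. the setuptools distutils shim), so a line is only
# "suspicious" when it also shows obfuscation or network tell-tales (assumed list).
SUSPICIOUS = re.compile(
    r"base64|zlib|marshal|\bexec\(|\bcompile\(|urllib|socket|subprocess|\\x[0-9a-fA-F]{2}"
)


def scan_pth_text(name: str, text: str) -> List[Dict[str, object]]:
    """Return the executable lines of one .pth file with a verdict each."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith(("import ", "import\t")):
            verdict = "suspicious" if SUSPICIOUS.search(line) else "executable"
            findings.append({"file": name, "line": lineno, "verdict": verdict, "code": line})
    return findings


def pth_dirs() -> List[str]:
    """Directories whose .pth files site.py processes for this interpreter."""
    dirs = set()
    getter = getattr(site, "getsitepackages", None)   # absent in some old virtualenvs
    if getter:
        dirs.update(getter())
    dirs.add(site.getusersitepackages())
    dirs.add(sysconfig.get_paths()["purelib"])
    return sorted(d for d in dirs if d and os.path.isdir(d))


def scan_site_packages() -> List[Dict[str, object]]:
    """Scan every .pth file in the live interpreter's site-packages directories."""
    findings = []
    for d in pth_dirs():
        for entry in sorted(os.listdir(d)):
            if not entry.endswith(".pth"):
                continue
            path = os.path.join(d, entry)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_pth_text(path, fh.read()))
            except OSError:
                pass   # unreadable entry; report nothing rather than crash the scan
    return findings


# Constructed sample (not the real payload): a path entry, a comment, one benign
# import hook and one obfuscated loader.
SAMPLE_PTH = (
    "/opt/example/lib\n"
    "# comment lines are ignored by site.py\n"
    "import os; os.environ.setdefault('EXAMPLE_HOOK', '1')\n"
    "import base64,zlib;exec(zlib.decompress(base64.b64decode('<blob>')))\n"
)

if __name__ == "__main__":
    for f in scan_pth_text("sample.pth", SAMPLE_PTH) + scan_site_packages():
        print(f"{f['verdict']:10} {f['file']}:{f['line']}  {f['code'][:80]}")
```

Run it with the same interpreter (or virtual environment) the suspect package was installed into, since each interpreter has its own site-packages. Expect at least the benign setuptools hook to show up as `executable`; what matters is any `.pth` you cannot trace to an installed distribution's RECORD, or any `suspicious` line, which should be treated as evidence the host's credentials are exposed.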

From snyk.io (11 min read)
Table of contents:
- TL;DR
- What is elementary-data?
- How the attack unfolded
- Inside the payload: What the malware did
- Impact and scope
- Detection: Are You Affected?
- Remediation
- The repeating pattern
- Secure your supply chain with Snyk