A flaw in the release workflow of an open-source package with over 1 million monthly downloads was exploited to publish a malware-laden version that stole user credentials.

Security Incident Report: Malicious release of Elementary OSS Python CLI v0.23.3 | Elementary Data
https://www.elementary-data.com/post/security-incident-report-malicious-release-of-elementary-oss-python-cli-v0-23-3

Open source package with 1 million monthly downloads stole user credentials - Ars Technica
https://arstechnica.com/security/2026/04/open-source-package-with-1-million-monthly-downloads-stole-user-credentials/

On April 24, 2026 (local time), an unknown attacker exploited a vulnerability to gain access to a developer account and published a new version of the 'Elementary Open Source Python CLI', the command-line interface (CLI) of Elementary's data observability tool, which monitors data quality and detects anomalies in data pipelines.
Running this new version of the 'Elementary Open Source Python CLI' could exfiltrate sensitive data from the system, including user profile data, data warehouse credentials, cloud provider keys, API tokens, and SSH keys.
The version of the Elementary Open Source Python CLI containing the malware was '0.23.3', published through the developer's accounts on the Python Package Index (PyPI) and the Docker image registry. The developer removed version 0.23.3 about 12 hours after its release. Note that Elementary Cloud, the Elementary dbt package, and all other CLI versions were not affected.

The developers of the Elementary Open Source Python CLI explain: 'Users who installed version 0.23.3, or who pulled and ran the affected Docker image, should assume that any credentials accessible from the environment in which it ran may have been compromised.'
The attacker exploited a vulnerability in
The developers of the Elementary Open Source Python CLI became aware of the unauthorized access after receiving a third-party vulnerability report. The development team has since fixed the vulnerability and audited all of its other GitHub Actions workflows to ensure they do not contain the same flaw.
The Elementary Open Source Python CLI development team recommends that all developers who have installed version 0.23.3 'uninstall version 0.23.3', 'delete cache files', 'check for malware marker files on machines where the CLI may have been run', 'rotate any credentials that were accessible from environments where version 0.23.3 was running', and 'contact the security team to request an investigation into the misuse of leaked credentials'.
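The checklist above is easy to get wrong at scale, so here is an added example (not code from Elementary or from the article) that takes captured `pip freeze` and `docker images` output, decides whether a host installed the withdrawn 0.23.3 release, and prints the advisory's remediation steps. Two details are assumptions not stated on the page: the CLI's PyPI distribution name is taken to be `elementary-data`, and the Docker image is matched on `elementary` appearing in its repository path. The sample inventories are constructed, not captured from a real host. Note that distribution names are compared after PEP 503 normalization, so `Elementary_Data` and `elementary-data` are treated as the same package.

```python
"""Added example, not Elementary's code: is this host in the blast radius of
the malicious 0.23.3 release, and what does the advisory say to do about it?

Assumptions (not stated on the page): the CLI's PyPI distribution name is
'elementary-data', and the Docker image has 'elementary' in its repository path.
"""
import re
import shutil
import subprocess
from typing import Optional

ASSUMED_DIST_NAME = "elementary-data"  # assumption: PyPI distribution name of the CLI
ASSUMED_IMAGE_SUBSTR = "elementary"    # assumption: substring of the Docker repository
MALICIOUS_VERSION = "0.23.3"           # the release Elementary withdrew

# Constructed sample inventories (not captured from any real host) for offline runs.
SAMPLE_FREEZE = """\
dbt-core==1.8.0
Elementary_Data==0.23.3
requests==2.32.3
-e git+https://example.invalid/repo.git#egg=tool
"""
SAMPLE_IMAGES = """\
elementary/elementary:0.23.3
postgres:16
elementary/elementary:0.23.2
"""


def normalize_name(name: str) -> str:
    """PEP 503 normalization: case-insensitive, and runs of '-', '_', '.' collapse
    to one '-', so Elementary_Data and elementary-data name the same distribution."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pip_freeze(text: str) -> dict:
    """Map normalized distribution name -> pinned version from `pip freeze` output.
    Lines without '==' (comments, editable or VCS installs) are skipped."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, _, version = line.partition("==")
        pinned[normalize_name(name)] = version.strip()
    return pinned


def installed_cli_version(freeze_text: str) -> Optional[str]:
    """Installed version of the (assumed) CLI distribution, or None if absent."""
    return parse_pip_freeze(freeze_text).get(normalize_name(ASSUMED_DIST_NAME))


def affected_docker_images(images_text: str) -> list:
    """From `docker images --format '{{.Repository}}:{{.Tag}}'` output, return the
    references whose repository looks like Elementary and whose tag is 0.23.3.
    rpartition keeps registry ports such as localhost:5000/img:tag intact."""
    hits = []
    for line in images_text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        repo, _, tag = line.rpartition(":")
        if ASSUMED_IMAGE_SUBSTR in repo.lower() and tag == MALICIOUS_VERSION:
            hits.append(line)
    return hits


def assess(freeze_text: str, images_text: str) -> dict:
    """'affected' is True when either artifact is the withdrawn release; that is
    the condition under which the advisory says to assume credential compromise."""
    version = installed_cli_version(freeze_text)
    images = affected_docker_images(images_text)
    return {
        "pip_version": version,
        "pip_affected": version == MALICIOUS_VERSION,
        "docker_images": images,
        "affected": version == MALICIOUS_VERSION or bool(images),
    }


def remediation_steps(report: dict) -> list:
    """The advisory's steps in order; empty when nothing matched."""
    if not report["affected"]:
        return []
    steps = []
    if report["pip_affected"]:
        steps.append(f"pip uninstall {ASSUMED_DIST_NAME}  # remove version 0.23.3")
        steps.append("pip cache purge  # the advisory also says to delete cache files")
    for ref in report["docker_images"]:
        steps.append(f"docker rmi {ref}  # analogous to uninstalling the pip release")
    steps.append("Check every host where the CLI ran for the marker files named in "
                 "Elementary's report (this script embeds no file names)")
    steps.append("Rotate every credential reachable from those environments: warehouse "
                 "credentials, cloud provider keys, API tokens, SSH keys")
    steps.append("Contact Elementary's security team to request an investigation "
                 "into misuse of the leaked credentials")
    return steps


def _capture(cmd: list) -> str:
    """Run an inventory command if its binary exists; empty output otherwise."""
    if shutil.which(cmd[0]) is None:
        return ""
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    live = assess(_capture(["pip", "freeze"]),
                  _capture(["docker", "images", "--format", "{{.Repository}}:{{.Tag}}"]))
    print(live)
    for step in remediation_steps(live):
        print("-", step)
```

Run it on each machine and CI runner where the CLI may have executed, not only developer laptops; the advisory's point is that any credential reachable from the environment that ran 0.23.3 must be rotated, so a clean result on one host says nothing about the others.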
Elementary stated that the compromised release of the Elementary Open Source Python CLI 'was not created by the Elementary team.'

'Supply chain attacks against open-source repositories have been increasing over the past decade. In some cases, malicious packages can cause a user's system to be compromised, leading to a chain reaction of damage as the user's environment is compromised,' points out technology media outlet Ars Technica.
HD Moore, a hacker with over 40 years of experience and founder and CEO of runZero, pointed out that user-developed repository workflows like GitHub Actions are 'notorious for being vulnerable.' He added, 'This is a big problem for open-source projects with open repositories. It's very difficult to avoid unintentionally creating dangerous workflows that can be exploited by attacker pull requests.'
in Security, Posted by logu_ii