Executive Summary
On April 24, 2026 at 22:20:47 UTC, a malicious elementary-data==0.23.3 release was uploaded to PyPI StepSecurity opens in a new tab. The same release workflow also pushed a compromised multi-architecture container image to GitHub Container Registry at ghcr.io/elementary-data/elementary, including the 0.23.3 and latest tags StepSecurity opens in a new tab.
The attacker exploited a script-injection vulnerability in an Elementary GitHub Actions workflow, used the workflow's GITHUB_TOKEN to forge a release commit, and dispatched the legitimate publishing pipeline without modifying the master branch StepSecurity opens in a new tab. The malicious wheel and source distribution added a top-level elementary.pth file, which Python executes at interpreter startup when installed in site-packages; this means the payload could run even if the victim never explicitly imported elementary StepSecurity opens in a new tab.
Elementary's incident report defines the affected window as 2026-04-24 22:10 UTC through 2026-04-25 09:45 UTC and says users who installed 0.23.3 or ran the affected container should assume credentials available to that environment were exposed Elementary opens in a new tab. Snyk tracks the incident as SNYK-PYTHON-ELEMENTARYDATA-16316110, affecting only elementary-data==0.23.3; Elementary Cloud, the Elementary dbt package, and other CLI versions were not affected Snyk Vulnerability Database opens in a new tab. The clean replacement is 0.23.4 PyPI opens in a new tab.