[Security] Malicious elementary.pth file in release 0.23.3

[crisperik]

The latest release v0.23.3 dsajdkjsajkdsajk seems to contain malicious base64 encoded code that tries to execute on installation. The release looks similar to the compromised versions of litellm.

[H-Max]

Indeed, I posted a message on the Elementary slack to mention it, hopefully a maintainer removes this tag / release asap.

[Maayan-s]

@H-Max @crisperik

Thank you for reporting, we are investigating the issue.
Immediate actions we took:

• We removed the version from GitHub
• The project is now quarantined in PyPi, not available for new downloads
• We are investigating the breach and taking measures to remediate

[H-Max]

Be careful, the release is gone but the tag still exists.

[Maayan-s]

@H-Max Yes, removed.
Removed from PyPi and the Docker image as well.

[Maayan-s]

@H-Max @crisperik

I'm sharing here the message we published on Slack, and will leave the issue open until we publish a more comprehensive incident report:

⚠️🚨 This is a notification of a security incident 🚨⚠️
As of now these are our findings -

TL;DR
Elementary Python CLI 0.23.3 contains malicious code.
It was published on April 24 22:10  (UTC) and removed on April 25 9:45 (UTC).
There was no impact on Elementary Cloud and the Elementary dbt package, and no other versions of the CLI were affected.
If you ran the impacted version, you should remove it and rotate credentials.

What happened?

• On April 24, 2026 at 22:20 UTC, a malicious release of the Elementary Python CLI - version 0.23.3 - was published to PyPI, followed at 22:24 UTC by a malicious Docker image pushed to our registry.
• These artifacts were not produced by the Elementary team.
• An attacker opened a PR with malicious code, and exploited a script-injection vulnerability in one of our GitHub Actions workflows to publish it as release 0.23.3.
• The Elementary team investigated and remediated, the malicious version was removed at April 25 9:45 (UTC).

Who is affected?
Users who ran 0.23.3, or who pulled and ran the affected Docker image, should assume that any credentials accessible to the environment where it ran may have been exposed.
Elementary Cloud and the Elementary dbt package and were not affected, and no other versions of the CLI were affected.

What should you do?
If you did not install version 0.23.3 - no action is required.
If you installed elementary-data 0.23.3, please take the following steps:

1. Check your installed version:
   pip show elementary-data | grep Version.
   If the version is 0.23.3, uninstall it and replace with the safe version:
   pip uninstall elementary-data
pip install elementary-data==0.23.4
2. In your requirements and lockfiles, pin explicitly to elementary-data==0.23.4.
3. Rotate any credentials that were accessible from the environment where 0.23.3 ran: dbt profiles, warehouse credentials, cloud provider keys, API tokens, SSH keys, and the contents of any .env files. CI/CD runners are especially exposed because they typically have broad sets of secrets mounted at runtime.

We will update as our investigation progresses, and share measures we are taking to prevent it from happening again.

We deeply regret the disruption and concern this incident has caused our community.
The Elementary team