NuGet C o de Executi o n As A Service 02 June 2026 Jim Rush With supply chain attacks and CI/CD pipeline attacks occupying some of the cyber discourse lately, we decided we would take a look at how NuGet, Visual Studio and MSBuild interact and execute code before a project is even built. Several high profile supply and CI/CD attacks have taken place recently, such as the LiteLLM attack, where the upstream Trivy scanner was compromised. Ultimately by compromising the CI/CD pipeline, the PyPI publishing credentials for LiteLLM were compromised and backdoored versions of the packages were published. What is a CI/CD pipeline anyway? Continuous Integration (CI) and Continuous Delivery/Deployment (CD) is a fancy way of saying that every time a developer commits code, some automatons swarm over the committed code and perform certain actions. Depending on how the pipelines are architected, this could mean anything from automatic unit tests, package updates or full deployment of an application. Sounds pretty useful? Generally, it is and it can save a lot of developer time by automating the boring bits. Having a robust and efficient deployment pipeline can allow developers to move faster and recover more quickly from failure states when deployments go wrong. Compromising CI/CD pipelines As you would imagine, this usefulness comes with a trade-off. Build servers and deployment pipelines require access to various sensitive data, such as package publishing credentials, database connection strings and other secret material required to run web applications. There are lots of effective ways to help mitigate issues within this process, however some configurations still allow for credential theft and potential privilege escalation. What is NuGet anyway? NuGet is the package manager for all things .NET, used to manage packages and libraries used by .NET developers. Several key operations include: Restore - Reinstall all dependencies listed in a project configuration file Install - Add a new package to a project Update - Check for newer versions of the packages Uninstall - Remove a package Microsoft also frames NuGet restore as a security operation: the restore command automatically runs when you do a common package operation such as loading a project for the first time, adding a new package, updating a package version, or removing a package from your project in your favourite IDE. Your dependencies are checked against a list of known vulnerabilities provided by your audit sources. On the command line, navigate to your project or solution directory. Run restore using your preferred tooling (i.e. dotnet, MSBuild, NuGet.exe, VisualStudio etc). Review the warnings and address the known security vulnerabilities. The relationship between NuGet and MSBUILD In 2017, NuGet was "fully integrated into MS Build" , which introduced the concept of PackageReference and allowed for NuGet Restore to run as a background task, which would automatically restore projects when a project was loaded or saved. Another feature that NuGet allows for is custom build targets and properties. The documentation states: In addition to the more traditional assemblies, NuGet packages may sometimes add custom build targets or properties to projects that consume that package. This can be achieved by adding a valid MSBuild file, in the form <package_id>.targets or <package_id>.props (such as Contoso.Utility.UsefulStuff.targets) within the build folders of the project. Why is my package manager even executing code? The thing about .targets files is that they "contain items, properties, targets, and tasks" . Tasks in MSBuild can do a lot of things and are designed to be useful bits of code to run specific, well defined tasks during the build process. One in particular stands out: the exec task, which "Runs the specified program or command by using the specified arguments". Fun! Let's see what that looks like: <Project> <Target Name="EvilTarget" BeforeTargets="Restore;CollectPackageReferences"> <Exec Command="cmd.exe /c echo NuGet RCE PoC > %USERPROFILE%\Desktop\PWNED.txt" /> </Target> </Project> Lets analyse the file. The BeforeTargets directive tells NuGet/MSBuild that this target should run before the specified targets, namely before NuGet Restore and CollectPackageReferences operations - i.e early in the pipeline, before dependencies are resolved and before package references are fully processed. This was raised to the NuGet team as a security issue in 2020, and their answer then was '...I believe we will break many packages, tools, etc that heavily rely on this functionality without an alternative' . Mark Of the Web: Visual Studio Edition Microsoft has the concept of Mark Of The Web (MoTW), which indicates if a file has originated from the internet. There are several reasons this is applied, and MoTW allows the opening programs to perform additional inspection of the content, and provide a warning to the user if they're about to open something of dubious origin...