External risk intelligence

Spinnaker allows attackers to steal credentials and control your systems.

CVE advisory

Severity: CRITICAL (CVSS 9.9)

CVE-2026-32604

An external attacker can exploit a flaw in Spinnaker to run unauthorized commands on the server. This could allow them to steal sensitive cloud credentials, modify production infrastructure, and compromise the integrity of the software delivery process.

Halo Surface Signal: 3

Linuxfoundation Spinnaker

  • before 2025.3.2
  • 2025.4.0 to before 2025.4.2
  • 2026.0.0 to before 2026.0.1

External exposure likelihood

Halo Surface Signal score for CVE-2026-32604

Spinnaker is a continuous delivery platform typically deployed as an internal enterprise application. While it features a web interface accessible over corporate networks, it is generally protected by VPNs, SSO, or internal network controls rather than being intentionally exposed to the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability exists in Spinnaker that allows unauthorized commands to be executed on clouddriver pods. This could lead to serious consequences like credential exposure and system compromise. Teams using Spinnaker should pay close attention to this issue.

  • Compromise of sensitive credentials.
  • Potential for widespread system damage.
  • Attack requires existing access.

Attack Path

How an attacker could exploit the issue

An authenticated attacker with low privileges can execute arbitrary commands on Spinnaker's clouddriver pods. This allows them to compromise sensitive credentials, modify system files, or deploy malicious resources within the target environment.

  • Low-privileged access needed.
  • Targets clouddriver pods.
  • Requires the `gitrepo` artifact type to be enabled.

Live Threat

Current exploitation, exposure, and threat context

Attackers will likely find this vulnerability appealing due to its critical severity and the potential for arbitrary command execution on critical infrastructure. While the CVE is publicly disclosed, there is no immediate signal of widespread active exploitation, suggesting a window for proactive patching.

  • Public exploit code not yet observed.
  • Critical severity, offering significant impact.
  • Patched in recent versions.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching Spinnaker to 2026.1.0, 2026.0.1, 2025.4.2, or 2025.3.2 to address command execution vulnerabilities. If patching is delayed, disable the `gitrepo` artifact type as a workaround to mitigate risk.

  • Apply specific patch versions.
  • Disable `gitrepo` artifact type.
  • Monitor for unauthorized command execution.
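
To turn the affected-version ranges and the `gitrepo` workaround above into a repeatable check across several deployments, the following added example (not code from the Spinnaker project or from this advisory) classifies each one. The `gitrepo_enabled` flag is an assumption supplied by the operator from their own configuration review, and the inventory is constructed sample data.

```python
import re

# Affected ranges as listed on this page, half-open: (first affected, first fixed).
# A lower bound of None means "every release before the fixed version".
AFFECTED_RANGES = [
    (None, (2025, 3, 2)),
    ((2025, 4, 0), (2025, 4, 2)),
    ((2026, 0, 0), (2026, 0, 1)),
]

def parse_version(text):
    """Return (major, minor, patch) from strings like '2025.4.1' or 'v2025.4.1-rc1'.
    Pre-release suffixes are ignored, so review such builds by hand."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Spinnaker version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version):
    """True when the version falls inside any affected range."""
    v = parse_version(version)
    return any((lo is None or lo <= v) and v < hi for lo, hi in AFFECTED_RANGES)

def triage(version, gitrepo_enabled):
    """Classify one deployment; gitrepo_enabled is the operator's own finding."""
    if not is_affected(version):
        return "not affected"
    if gitrepo_enabled:
        return "vulnerable: patch or disable gitrepo"
    return "affected version, workaround in place: schedule patch"

# Constructed inventory for illustration: (environment, version, gitrepo enabled).
INVENTORY = [
    ("prod", "2025.4.1", True),
    ("staging", "2026.0.1", True),
    ("legacy", "2025.2.7", False),
]

def report(inventory=INVENTORY):
    """Map each environment name to its triage status."""
    return {name: triage(ver, enabled) for name, ver, enabled in inventory}

if __name__ == "__main__":
    for name, status in report().items():
        print(f"{name}: {status}")
```

Releases that sit between a fixed version and the next affected range, such as 2025.3.5, are reported as not affected because each range is checked independently.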

Frequently asked questions

What is Spinnaker and what is it used for?

Spinnaker is an open-source platform for continuous delivery across multiple cloud environments. It helps organizations automate the deployment of applications to various cloud providers, streamlining the software release process.

What kind of vulnerability does CVE-2026-32604 represent?

CVE-2026-32604 is a critical vulnerability categorized as CWE-20, improper input validation. This flaw allows an attacker to execute arbitrary commands on Spinnaker's clouddriver pods, potentially leading to credential theft and system compromise.

What preconditions are needed for an attacker to exploit this Spinnaker vulnerability?

An attacker needs authenticated, low-privileged access to the Spinnaker environment. The `gitrepo` artifact type must also be enabled for the vulnerability to be triggered.

Who should be concerned about CVE-2026-32604?

Organizations using Spinnaker should be concerned, particularly those where Spinnaker is accessible over internal networks. While not typically internet-facing, its internal access makes it a target for threats within the network perimeter.

What are the first steps to respond to this Spinnaker CVE?

The primary response is to update Spinnaker to a patched version: 2026.1.0, 2026.0.1, 2025.4.2, or 2025.3.2. As a temporary workaround, disabling the `gitrepo` artifact type can mitigate the risk if immediate patching is not feasible.
