External risk intelligence

Trivy could allow external attacker to steal credentials from CI/CD pipelines

CVE advisory | Known Exploit

CVE-2026-33634

A supply chain compromise in Trivy, trivy-action, and setup-trivy allows an external attacker to inject malicious code into development pipelines. This enables the theft of secrets, such as API tokens and cloud credentials, potentially granting unauthorized access to critical business infrastructure.

Halo Surface Signal: 1

Aquasec Setup Trivy

Affected versions:

  • before 0.2.6
  • 0.69.4
  • before 0.35.0
  • 1.82.7
  • 1.82.8
  • 4.87.1
  • 4.87.2

External exposure likelihood

Halo Surface Signal score for CVE-2026-33634

The vulnerability affects CI/CD pipeline build tools used during the development lifecycle. This is a build-time dependency executed within internal or restricted build environments, not a public-facing network service, web application, or edge gateway.

Horizon Alert

Summary of the vulnerability and why it matters

A security issue in Trivy, a popular security scanner, allowed an attacker to publish malicious versions of the software and related GitHub Actions. This incident, an escalation of a prior supply chain attack, could expose sensitive information processed by affected pipelines. Teams should review their use of Trivy and associated tools immediately to prevent potential compromise.

  • Sensitive data in pipelines may be exposed.
  • Malicious code was distributed via software updates.
  • This impacts software development workflows.

Attack Path

How an attacker could exploit the issue

An attacker with prior access, likely from an earlier credential compromise, can inject malicious code into a popular security scanner and its associated GitHub Actions. This allows them to poison the software supply chain, leading to sensitive information exposure for anyone using the compromised versions in their CI/CD pipelines.

  • Requires prior access.
  • Targets Trivy tooling.
  • Exposes CI/CD secrets.

Live Threat

Current exploitation, exposure, and threat context

Attackers are likely to target this vulnerability due to its supply chain nature, which can lead to widespread compromise. The specific incident involved compromised credentials to inject malicious code into widely used development tools. This allows attackers to potentially access sensitive information within CI/CD environments, making it an attractive target.

  • KEV listed
  • Supply chain attack vector
  • Recent incident activity

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize immediate actions to identify and contain the supply chain compromise. Teams must thoroughly review all workflows that used the affected `aquasecurity/trivy-action` and `aquasecurity/setup-trivy` GitHub Actions, especially where the actions were referenced by version tag rather than by commit SHA. Treat all secrets accessible to these pipelines as potentially exposed and begin rotating them immediately; the presence of repositories named `tpcp-docs` is an indicator of exfiltration and should be checked for.

  • Remove affected Trivy artifacts immediately.
  • Rotate all secrets accessed by affected pipelines.
  • Pin GitHub Actions to immutable commit SHAs.

Frequently asked questions

What is Trivy and what is it used for?

Trivy is an open-source security scanner that detects vulnerabilities, misconfigurations, and exposed secrets in various software artifacts. It is used to scan container images, filesystems, Git repositories, virtual machine images, and Kubernetes deployments, aligning with DevSecOps practices by integrating into CI/CD systems.

What kind of vulnerability does CVE-2026-33634 represent?

CVE-2026-33634 is an embedded malicious code vulnerability, specifically a supply chain compromise. An attacker published a malicious version of Trivy and related GitHub Actions after gaining access through compromised credentials, enabling the theft of secrets from CI/CD pipelines.

How could an attacker exploit CVE-2026-33634?

An attacker with prior access could use compromised credentials to publish malicious versions of Trivy and its associated GitHub Actions. This allows them to inject malware that exfiltrates secrets, such as API keys and credentials, from affected CI/CD pipelines. This attack is not triggered by a user directly interacting with the vulnerability, but rather by unknowingly using the compromised software.

Who should be concerned about CVE-2026-33634?

Organizations that use Trivy, particularly its `aquasecurity/trivy-action` and `aquasecurity/setup-trivy` GitHub Actions, should be concerned. The vulnerability is considered external due to its network attack vector, meaning it can affect systems accessible via a network. Teams that referenced mutable version tags for these actions instead of immutable commit SHAs are at higher risk.

What are the first steps to respond to CVE-2026-33634?

Immediately review workflows using `aquasecurity/trivy-action` or `aquasecurity/setup-trivy`. Treat all secrets accessible to affected pipelines as compromised and rotate them. Remove any affected artifacts, such as Trivy v0.69.4, and pin GitHub Actions to full commit SHAs to prevent future supply chain attacks.
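The workflow review and SHA-pinning steps described in the Operational Fix section and in the answer above can be scripted. The checker below is an added example written for this page, not Halo's or Aqua Security's code. It flags any `uses:` reference to the two affected actions whose ref is not a full 40-hex commit SHA, and rewrites a tag reference to a pinned form once an operator supplies a SHA they have verified against the upstream repository. The sample workflow text is constructed, its tags are illustrative, and the 40-character SHAs in the pinned line and in the test mapping are placeholders, not real commits of either action.

```python
"""Flag references to the affected Trivy GitHub Actions that are pinned to a
mutable tag or branch instead of an immutable full-length commit SHA.

Added example for this advisory; not Halo's or Aqua Security's code.
"""
from __future__ import annotations

import re
from pathlib import Path

# Actions named in the advisory.
AFFECTED_ACTIONS = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}

# Matches `uses: owner/repo[/subpath]@ref`, capturing the action and the ref.
# The ref stops at whitespace, quotes or a trailing `# comment`.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)"
)
# A full-length commit SHA is the only immutable form of reference.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def scan_workflow(text: str) -> list[dict]:
    """Return one finding per reference to an affected action in a workflow."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if action not in AFFECTED_ACTIONS:
            continue
        findings.append({
            "line": lineno,
            "action": action,
            "ref": ref,
            "pinned": bool(FULL_SHA_RE.match(ref)),
        })
    return findings


def unpinned(findings: list[dict]) -> list[dict]:
    """Keep only references that a tag move or branch push could redirect."""
    return [f for f in findings if not f["pinned"]]


def scan_directory(root: Path) -> dict[str, list[dict]]:
    """Scan every workflow file under a checked-out repository root."""
    results = {}
    for path in sorted(root.glob(".github/workflows/*.y*ml")):
        found = unpinned(scan_workflow(path.read_text()))
        if found:
            results[str(path)] = found
    return results


def pin_line(line: str, sha_for: dict[tuple[str, str], str]) -> str:
    """Rewrite an unpinned `uses:` line to `@<sha> # <old ref>`.

    `sha_for` maps (action, ref) to a full commit SHA that the operator has
    resolved and verified against the upstream repository; this function does
    not look anything up and leaves lines it cannot map untouched.
    """
    m = USES_RE.match(line)
    if not m:
        return line
    action, ref = m.group(1), m.group(2)
    sha = sha_for.get((action, ref))
    if sha is None or FULL_SHA_RE.match(ref):
        return line
    return line.replace(f"@{ref}", f"@{sha} # {ref}", 1)


# Constructed sample workflow: one unaffected action, two mutable references
# to the affected actions, and one reference pinned to a placeholder SHA.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Trivy (mutable tag)
        uses: aquasecurity/setup-trivy@v0
      - name: Scan (floating branch ref)
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - name: Scan (pinned to a full commit SHA; placeholder value)
        uses: aquasecurity/trivy-action@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa # v0.35.0
"""

if __name__ == "__main__":
    for f in unpinned(scan_workflow(SAMPLE_WORKFLOW)):
        print(f"line {f['line']}: {f['action']}@{f['ref']} is not pinned to a commit SHA")
```

Run it against a real checkout with `scan_directory(Path("."))`; every entry it returns is a workflow that a tag move or branch push could have redirected during the incident window, and the secrets available to that workflow belong on the rotation list.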
