NVD disclosure day

Published threat advisories for March 23, 2026

CVE advisory | Known Exploit

CVE-2026-33634

Trivy could allow an external attacker to steal credentials from CI/CD pipelines

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A supply chain compromise in Trivy, trivy-action, and setup-trivy allows an external attacker to inject malicious code into development pipelines. This enables the theft of secrets, such as API tokens and cloud credentials, potentially granting unauthorized access to critical business infrastructure.

• CISA KEV

CVE advisory | Known Exploit

CVE-2026-3055

Citrix NetScaler allows attackers to access sensitive data due to a flaw in how it handles requests

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Citrix NetScaler's SAML identity provider has a critical flaw allowing attackers to read sensitive memory, potentially exposing confidential data. This affects internet-facing systems and demands immediate attention.

• CISA KEV