CVE-2026-33634: Critical Vulnerability in Aquasec Trivy

On March 19, 2026, a critical vulnerability was discovered in Aquasec's Trivy, a widely used security scanner. This vulnerability allows attackers to gain access to sensitive information within CI/CD environments, including tokens, SSH keys, cloud credentials, and database passwords. The attack was executed using compromised credentials that led to the publication of a malicious Trivy v0.69.4 release.

The attack is part of an ongoing supply chain compromise that dates back to late February 2026. Initial credential rotation efforts on March 1, 2026, were not atomic, which may have allowed the attacker to exfiltrate newly rotated secrets during the rotation window. This incident highlights the critical need for organizations to ensure their credential management practices are robust and secure.

Affected components include the `aquasecurity/trivy` Go/Container image version 0.69.4, the `aquasecurity/trivy-action` GitHub Action versions 0.0.1 – 0.34.2, and the `aquasecurity/setup-trivy` GitHub Action versions 0.2.0 – 0.2.6. Organizations that may have deployed the compromised version must treat all secrets exposed to affected pipelines as compromised and rotate them immediately.

The urgency for defenders is high, as the CVSS score for this vulnerability is 9.4, indicating a critical severity level. Organizations should prioritize patching immediately to mitigate risks associated with this incident.

Vulnerability Details

The vulnerability is classified under CWE-506, which pertains to issues with security and authentication in software. The CVSS score of 9.4 reflects an attack vector of 'NETWORK', with low attack complexity and low privileges required for exploitation. The potential impact on confidentiality, integrity, and availability is rated as 'HIGH'. The compromise of secrets and the ability for attackers to manipulate environments underscores the critical nature of this vulnerability.

Technical Analysis

The root cause of this vulnerability is a supply chain attack, where the attacker leveraged compromised credentials to publish a malicious version of Trivy. The attack vector was through the network, allowing the attacker to manipulate version tags and introduce credential-stealing malware.

The attack complexity is low, requiring minimal effort to exploit once access is gained. No user interaction is required for the attack to succeed. The attack can have significant impacts on confidentiality, integrity, and availability, potentially allowing the attacker to access sensitive information in an organization's CI/CD environment.

Risk & Impact Analysis

The risk to organizations includes the potential for significant data breaches, loss of sensitive credentials, and widespread disruption across development and operational environments. The blast radius could extend to multiple products and services that utilize the affected components, making the impact potentially severe.

Given the critical nature of this vulnerability and its exploitation status, organizations must take immediate action to assess their exposure and implement necessary mitigations. The urgency of the situation is underscored by its classification within the KEV catalog as actively exploited.

Exploitation Status

Affected Versions

Affected products include versions of `aquasecurity/trivy` (0.69.4), the `aquasecurity/trivy-action` GitHub Action (versions 0.0.1 – 0.34.2), and the `aquasecurity/setup-trivy` GitHub Action (versions 0.2.0 – 0.2.6). Organizations should upgrade to known safe versions, including `trivy` versions 0.69.2 and 0.69.3, `trivy-action` version 0.35.0, and `setup-trivy` version 0.2.6.

Mitigation & Remediation

To mitigate the risks associated with this vulnerability, organizations should immediately rotate all credentials that were accessible to the affected pipelines. Additionally, implement the following measures:

1. Upgrade to the latest secure versions of all affected components.

2. Pin GitHub Actions to full, immutable commit SHA hashes instead of using mutable version tags.

3. Review all workflows utilizing `aquasecurity/trivy-action` or `aquasecurity/setup-trivy` for signs of compromise.

4. Remove any affected artifacts from your environment.

Detection Guidance

Organizations should monitor logs for any signs of unauthorized access to repositories utilizing the compromised components. Specific indicators of compromise may include suspicious repository names, such as `tpcp-docs`, and any unusual activities in workflows from March 19–20, 2026.

AppSecure Threat Intelligence Insight

This incident underscores the significant risks associated with supply chain vulnerabilities, particularly in CI/CD environments. Organizations must prioritize secure development practices and ensure that credential management processes are robust. For further reading on supply chain security and mitigation strategies, consider reviewing our resources on supply chain security and vulnerability management.

The ongoing nature of this attack and the potential for further exploitation makes it imperative for security teams to remain vigilant and proactively assess their defenses.