aquasecurity setup-trivy/trivy-action/trivy up to 0.2.5 malicious code
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.4 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in aquasecurity setup-trivy, trivy-action and trivy up to 0.2.5. The affected element is an unknown function. The manipulation results in malicious code. This vulnerability is cataloged as CVE-2026-33634. The attack may be launched remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended.
Details
A vulnerability was found in aquasecurity setup-trivy, trivy-action and trivy up to 0.2.5. It has been classified as critical. Affected is an unknown code block. The manipulation with an unknown input leads to a malicious code vulnerability. CWE is classifying the issue as CWE-506. The product contains code that appears to be malicious in nature. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. This incident is a continuation of the supply chain attack that began in late February 2026. Following the initial disclosure on March 1, credential rotation was performed but was not atomic (not all credentials were revoked simultaneously). The attacker could have use a valid token to exfiltrate newly rotated secrets during the rotation window (which lasted a few days). This could have allowed the attacker to retain access and execute the March 19 attack. Affected components include the `aquasecurity/trivy` Go / Container image version 0.69.4, the `aquasecurity/trivy-action` GitHub Action versions 0.0.1 – 0.34.2 (76/77), and the`aquasecurity/setup-trivy` GitHub Action versions 0.2.0 – 0.2.6, prior to the recreation of 0.2.6 with a safe commit. Known safe versions include versions 0.69.2 and 0.69.3 of the Trivy binary, version 0.35.0 of trivy-action, and version 0.2.6 of setup-trivy. Additionally, take other mitigations to ensure the safety of secrets. If there is any possibility that a compromised version ran in one's environment, all secrets accessible to affected pipelines must be treated as exposed and rotated immediately. Check whether one's organization pulled or executed Trivy v0.69.4 from any source. Remove any affected artifacts immediately. Review all workflows using `aquasecurity/trivy-action` or `aquasecurity/setup-trivy`. Those who referenced a version tag rather than a full commit SHA should check workflow run logs from March 19–20, 2026 for signs of compromise. Look for repositories named `tpcp-docs` in one's GitHub organization. The presence of such a repository may indicate that the fallback exfiltration mechanism was triggered and secrets were successfully stolen. Pin GitHub Actions to full, immutable commit SHA hashes, don't use mutable version tags.
The advisory is shared for download at github.com. This vulnerability is traded as CVE-2026-33634 since 03/23/2026. The exploitability is told to be easy. It is possible to launch the attack remotely. Technical details are unknown but an exploit is available.
It is declared as attacked. This issue was added on 03/26/2026 to the CISA Known Exploited Vulnerabilities Catalog with a due date of 04/09/2026:
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.Upgrading to version 0.2.6 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Zero-Day.cz (1083). Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 7.6VulDB Meta Temp Score: 7.4
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 8.8
NVD Vector: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Malicious codeCWE: CWE-506
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Attacked
EPSS Score: 🔒
EPSS Percentile: 🔒
KEV Added: 🔒
KEV Due: 🔒
KEV Remediation: 🔒
KEV Ransomware: 🔒
KEV Notice: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Zero-Day.cz: 🔒
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: setup-trivy/trivy-action/trivy 0.2.6
Timeline
03/23/2026 CVE reserved03/24/2026 Advisory disclosed
03/24/2026 VulDB entry created
05/10/2026 VulDB entry last update
Sources
Advisory: GHSA-69fq-xp46-6x23Status: Confirmed
CVE: CVE-2026-33634 (🔒)
GCVE (CVE): GCVE-0-2026-33634
GCVE (VulDB): GCVE-100-352644
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 03/24/2026 02:54Updated: 05/10/2026 10:30
Changes: 03/24/2026 02:54 (66), 03/26/2026 20:12 (13), 03/28/2026 06:41 (12), 05/10/2026 10:30 (2)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.