COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-33634

CVE-2026-33634

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-03-26
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-33634
⌖ exploited in the wild shame 85/100 exploited-in-wildsupply-chaindata-breachnegligence

Aquasecurity Trivy contains an embedded malicious code vulnerability that allows attackers to exfiltrate all CI/CD secrets, including tokens, SSH keys, and cloud credentials.

This vulnerability enables attackers to access sensitive configuration and credentials stored in memory within the CI/CD environment, posing a severe supply-chain risk for DIB organizations relying on automated security scanning tools. The fact that it is actively exploited by threat actors and linked to ransomware campaigns means organizations must immediately patch or replace Trivy instances to prevent credential theft and unauthorized access to cloud infrastructure.

Shame score — The vendor shipped a tool with embedded malicious code that was actively exploited in the wild, indicating a critical failure in security controls and potentially negligent development practices.

Players implicated

Aquasecurity · vendorTrivy · product

Description

Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.