CVE-2026-33634 is a critical vulnerability with a CVSS score of 9.4, stemming from a supply chain attack on the Trivy security scanner [8] [15]. The attack involved compromised credentials being used to publish a malicious version of Trivy (v0.69.4) and to alter version tags in related GitHub Actions [5] [16] [8]. This enabled credential theft [3] [10] [8]: the embedded malware targeted GitHub Actions runner environments to extract secrets [2] [7].
Here's a breakdown of what is known about its exploitation:
- Internet-facing applications or services: The vulnerability itself lies within the Trivy security scanner rather than in an exposed network service, but its exploitation has significant implications for organizations relying on CI/CD pipelines and DevOps practices [1] [14]. Trivy is widely used to detect security issues in container images, file systems, and repositories, which makes its compromise a severe supply chain risk [1] [14] [13]. The attack has also expanded to other projects such as Checkmarx KICS and LiteLLM [7], and malicious Docker images were pushed [12].
- Evidence of active exploitation in the wild: Yes, there is clear evidence of active exploitation [9] [18] [14] [13]. CISA added CVE-2026-33634 to its Known Exploited Vulnerabilities (KEV) Catalog on March 26, 2026, citing evidence of active exploitation [4] [9] [1] [17] [14] [13]. Some reports indicate that exploitation has been ongoing since March 19, 2026 [5] [19].
- Attack vectors and exploitation methods: The primary attack vector is a supply-chain compromise [6]. Threat actors, identified as TeamPCP, used compromised credentials to publish malicious versions of Trivy and its associated GitHub Actions [2] [10] [20] [8]. The malicious code embedded within these components acted as an information-stealing malware [10], targeting ephemeral runner environments within CI/CD pipelines to harvest credentials, keys, and tokens [2] [10].
- Whether it's been used in targeted attacks: The information available points to a widespread supply chain attack rather than specifically targeted attacks against individual organizations. The compromise of a widely used security tool like Trivy allows attackers to potentially impact a large number of organizations that integrate it into their development workflows [1] [14].
- CISA Known Exploited Vulnerabilities status: CVE-2026-33634 has been added to the CISA Known Exploited Vulnerabilities (KEV) Catalog [4] [9] [1] [17] [14] [13]. This addition signifies that CISA has credible evidence of active exploitation in the wild [11].
- Technical details about internet exploitability: The exploitability is rooted in the supply chain compromise of the Trivy ecosystem [3] [6]. The weakness arises from the use of mutable tags in GitHub Actions, which can be retargeted at attacker-controlled commits, and from the ability of a credential holder to publish malicious code disguised as legitimate updates [3] [2] [16]. The malicious payload, upon execution in a GitHub Actions runner, performs process discovery to locate and steal secrets [7]. Publishing the malicious artifacts required a compromised personal access token or equivalent credential [6]; no network-reachable vulnerability in Trivy itself is involved.
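The mutable-tag mechanism described above is the part a practitioner can check for directly. The following Python script is an added example, not code from the page or from the Trivy project: it scans a GitHub workflow file for `uses:` references that are not pinned to a full 40-character commit SHA (the only reference form a force-pushed tag cannot retarget) and for mentions of the compromised Trivy release, v0.69.4, which is the version the page names. The sample workflow, the action names and tags in it, and the `pin_to_sha` helper are constructed for illustration; whether a given tag of any real action was actually retargeted is not something this script can tell you.

```python
import re

# Only a full 40-hex commit SHA is immutable; tags and branches can be force-pushed.
SHA40 = re.compile(r"^[0-9a-f]{40}$")
# Matches `uses:` steps in a workflow file; regex-based so it needs no YAML library.
USES = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
# Version string the page names as the malicious Trivy release.
COMPROMISED_TRIVY = re.compile(r"\b0\.69\.4\b")

# Constructed sample workflow (not taken from the page or any real repository).
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
env:
  TRIVY_VERSION: 0.69.4
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: some-org/pinned-action@a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0
      - uses: ./.github/actions/local
      - uses: docker://alpine:3.19
"""


def classify_ref(ref):
    """Classify one `uses:` value: local, docker, unpinned, mutable or sha-pinned."""
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    if "@" not in ref:
        return "unpinned"
    _, version = ref.rsplit("@", 1)
    return "sha-pinned" if SHA40.match(version) else "mutable"


def audit_workflow(text):
    """Return (line_no, kind, detail) findings for a workflow file's text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES.match(line)
        if m and classify_ref(m.group(1)) in ("mutable", "unpinned"):
            findings.append((n, "mutable-ref", m.group(1)))
        # Flag the compromised version wherever it sits next to the word "trivy".
        if "trivy" in line.lower() and COMPROMISED_TRIVY.search(line):
            findings.append((n, "compromised-version", line.strip()))
    return findings


def pin_to_sha(ref, sha):
    """Rewrite owner/repo@tag to owner/repo@<sha>, keeping the tag as a trailing comment."""
    if not SHA40.match(sha):
        raise ValueError("sha must be a full 40-hex commit SHA")
    action, tag = ref.rsplit("@", 1) if "@" in ref else (ref, "")
    return f"{action}@{sha}" + (f"  # {tag}" if tag else "")


if __name__ == "__main__":
    for line_no, kind, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {kind}: {detail}")
```

Pinning to a SHA closes the tag-retargeting path the page describes, but it does not protect against a release whose content was already malicious when you pinned it; the SHA you choose still has to be one you have reviewed, and the scanner binary the action downloads still has to be checked against a known-good version.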
- CISA Adds Critical Aquasecurity Trivy Scanner: "Tracked as CVE-2026-33634, this security weakness involves embedded malicious code that targets continuous integration and continuous deployment (CI/CD) environments. ... Because Trivy is a widely adopted open-source vulnerability scanner used natively within DevOps pipelines, this active exploitati…"
- CVE-2026-33634 and the Trivy supply chain compromise - Penligent: "CVE-2026-33634 tracks the Trivy supply chain compromise that turned a trusted security scanner and its GitHub Actions into a path for credential theft. This article breaks down the attack chain, affected versions, payload behavior, detection steps, recovery actions, and the GitHub Actions hardening…"
- CVE-2026-33634: Remote Supply Chain Compromise in Trivy ...: "A highly critical supply chain compromise affecting the Aqua Security Trivy ecosystem, including the core scanner and its associated GitHub Actions. The attack, attributed to the threat actor TeamPCP, leveraged compromised CI/CD credentials and non-atomic secret rotation to embed malicious code with…"
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA: "CVE-2026-33634 Aqua Security Trivy Embedded Malicious Code Vulnerability. This type of vulnerability is a frequent attack vector for ..."
- CVE-2026-33634 : Trivy is a security scanner. On March 19, 2026, a ...: "Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 7…"