THREAT OPS › CVEs › CVE-2026-33634
CVE-2026-33634 — Aquasecurity Trivy Embedded Malicious Code Vulnerability
Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory.
Vulnerability details
- Affected productsTrivy
- KEV remediation due2026-04-09