CVE-2026-33634HIGH · 8.8TrackedCISA KEV

Aquasecurity · Trivy

Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory.

Disclosed

2026-03-23

78 days ago

Status

no honeypot capture yet

on CISA KEV — watching

7-day events

across 0 distinct IPs

7-day spread

0 ASN · 0 cty

0 active days

Top ASNs

No events captured yet.

Top countries

No events captured yet.

References

https://github.com/advisories/GHSA-69fq-xp46-6x23
https://nvd.nist.gov/vuln/detail/CVE-2026-33634

↗ NVD ↗ CISA KEV ↗ Search analyses