Aqua Security security advisory (AV26-283)
Analysis Summary
# Vulnerability: Supply Chain Compromise of Aqua Security Trivy Ecosystem
## CVE Details
- **CVE ID:** CVE-2026-33634
- **CVSS Score:** 9.8 (Critical) – *Estimated based on reported supply chain impact and criticality.*
- **CWE:** CWE-506 (Embedded Malicious Code) / CWE-912 (Screensaver/Backdoor)
## Affected Systems
- **Products:**
  - Trivy (standalone binary)
  - Trivy DockerHub images
  - GitHub Actions (`setup-trivy` and `trivy-action`)
- **Versions:**
  - **trivy:** v0.69.4
  - **Trivy DockerHub images:** v0.69.5 and v0.69.6
  - **setup-trivy:** versions prior to v0.2.6
  - **trivy-action:** versions prior to v0.35.0
- **Configurations:** Systems utilizing automated CI/CD pipelines or container images pulled during the period of compromise.
## Vulnerability Description
This vulnerability stems from a temporary supply chain compromise of the Trivy ecosystem. Malicious code was likely injected into specific versions of the Trivy binary and its associated deployment actions. Because Trivy is used for security scanning, it often operates with high privileges or access to sensitive environment variables (such as API keys and cloud credentials), making a compromise of the tool itself particularly severe.
## Exploitation
- **Status:** **Exploited in the wild.**
- **Complexity:** Low (Automatic execution upon running the affected tool).
- **Attack Vector:** Network / Supply Chain.
## Impact
- **Confidentiality:** High (Potential theft of secrets, source code, and environment credentials).
- **Integrity:** High (Potential for unauthorized modification of CI/CD outputs or container images).
- **Availability:** High (Potential for system disruption or command execution).
## Remediation
### Patches
Update to the following versions immediately to ensure the use of clean, non-compromised assets:
- **trivy:** Update to version **v0.69.7** or later.
- **setup-trivy GitHub Action:** Update to **v0.2.6** or later.
- **trivy-action GitHub Action:** Update to **v0.35.0** or later.
- **DockerHub:** Pull only images tagged later than v0.69.6.
### Workarounds
- **Pinned Versions:** If unable to update immediately, revert to a known-safe version (e.g., v0.69.3) and verify checksums against official Aqua Security releases.
- **Credential Rotation:** As a precaution, rotate any credentials (AWS keys, GitHub tokens, Docker Hub secrets) that were exposed to CI/CD environments running the affected versions.
## Detection
- **Indicators of Compromise:** Unusual outbound network traffic from CI/CD runners to unknown IP addresses; unauthorized access to repository secrets.
- **Detection Methods:**
  - Audit CI logs for the use of affected versions (`v0.69.4`, `v0.69.5`, `v0.69.6`).
  - Use binary integrity verification (checksums) to compare installed Trivy instances against official, verified releases.
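The two detection methods above, as an added example that is not part of the advisory or of Aqua Security's tooling: it flags action refs below the fixed versions and image tags the advisory lists, and verifies a downloaded release archive against a checksums listing. It assumes the `<sha256>  <filename>` line format used by Trivy's release checksums file; the workflow snippet and digests are constructed sample input.

```python
"""Audit CI workflow text for Trivy versions named in this advisory and verify
a release archive against a checksums listing (added example, not Aqua's code)."""
import hashlib
import re

# Fixed versions per the advisory: any semver ref older than these is flagged.
FIXED_ACTION_VERSIONS = {
    "aquasecurity/trivy-action": (0, 35, 0),
    "aquasecurity/setup-trivy": (0, 2, 6),
}
# Trivy binary / DockerHub image versions the advisory lists as compromised.
AFFECTED_TRIVY_VERSIONS = {"0.69.4", "0.69.5", "0.69.6"}

USES_RE = re.compile(r"uses:\s*(aquasecurity/(?:trivy-action|setup-trivy))@(\S+)")
IMAGE_RE = re.compile(r"aquasecurity/trivy:v?(\d+\.\d+\.\d+)")
SEMVER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def audit_workflow(text: str) -> list[str]:
    """Return findings for action refs below the fixed version and affected image tags."""
    findings = []
    for action, ref in USES_RE.findall(text):
        m = SEMVER_RE.match(ref)
        if not m:
            # Branch names and commit SHAs cannot be compared by version: ask for a manual check.
            findings.append(f"{action}@{ref}: non-semver ref, verify it resolves to a fixed release")
            continue
        fixed = FIXED_ACTION_VERSIONS[action]
        if tuple(int(x) for x in m.groups()) < fixed:
            findings.append(f"{action}@{ref}: below fixed v{'.'.join(map(str, fixed))}")
    for tag in IMAGE_RE.findall(text):
        if tag in AFFECTED_TRIVY_VERSIONS:
            findings.append(f"aquasecurity/trivy:{tag}: listed as compromised")
    return findings


def verify_checksum(filename: str, data: bytes, checksums_text: str) -> bool:
    """Check data against a '<sha256>  <filename>' listing; unknown filenames fail closed."""
    expected = {}
    for line in checksums_text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            expected[parts[1]] = parts[0].lower()
    return expected.get(filename) == hashlib.sha256(data).hexdigest()


# Constructed sample workflow: one vulnerable action, one fixed action, one affected image tag.
SAMPLE_WORKFLOW = """
- uses: aquasecurity/setup-trivy@v0.2.5
- uses: aquasecurity/trivy-action@0.35.0
- run: docker run --rm aquasecurity/trivy:0.69.5 image myapp:latest
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```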
## References
- Aqua Security Advisory: hxxps[://]github[.]com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23
- Canadian Centre for Cyber Security (AV26-283): hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/aqua-security-security-advisory-av26-283
- Aqua Security General Advisories: hxxps[://]github[.]com/aquasecurity/trivy/security/advisories/