CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Apr 9, 2026
Description
Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory.
EPSS — Exploit Probability
Higher than 96.3% of all CVEs
Required Action
This vulnerability involves a supply‑chain compromise in a product that may be used across multiple products and environments. Additional vendor‑provided guidance must be followed to ensure full remediation. For more information, please see: https://github.com/advisories/GHSA-69fq-xp46-6x23 ; https://nvd.nist.gov/vuln/detail/CVE-2026-33634
Related Articles (4)
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
TeamPCP compromised 2 GitHub Actions post-March 19, 2026 breach, enabling credential theft and supply chain attacks.
Mar 24, 2026
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
Mar 25, 2026
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Mar 27, 2026
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
Mar 26, 2026
Risk Assessment
ELEVATEDDetails
- Severity
- High
- EPSS
- 26.6%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 4
Timeline
Published
Mar 26, 2026
Added to KEV
Mar 26, 2026
Remediation Due
Apr 9, 2026