CVE-2026-33634: Aquasecurity Trivy Embedded Malicious Code Vulnerability.
Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory.
- CISA KEV-listed (remediation due 2026-04-09)
- EPSS 23.9% (96.1th percentile)