CVE-2026-33634: CVE-2026-33634: Remote Supply Chain Compromise in Trivy Ecosystem via Non-Atomic Secret Rotation

CVE-2026-33634: Remote Supply Chain Compromise in Trivy Ecosystem via Non-Atomic Secret Rotation

Vulnerability ID: CVE-2026-33634
CVSS Score: 9.4
Published: 2026-03-24

A highly critical supply chain compromise affecting the Aqua Security Trivy ecosystem, including the core scanner and its associated GitHub Actions. The attack, attributed to the threat actor TeamPCP, leveraged compromised CI/CD credentials and non-atomic secret rotation to embed malicious code within official releases. This embedded infostealer targets ephemeral runner environments to extract plain-text secrets directly from process memory, evading standard environment variable masking techniques.

TL;DR

Threat actor TeamPCP compromised Trivy's release pipeline, embedding an infostealer in version 0.69.4 and force-pushing malicious tags to GitHub Actions. The malware dumps CI/CD runner memory to steal credentials.

---

⚠️ Exploit Status: ACTIVE

Technical Details

• CWE ID: CWE-506
• Attack Vector: Network
• CVSS v4.0: 9.4
• EPSS Score: 0.00043
• Impact: Critical (Credential Theft / Secret Compromise)
• Exploit Status: Active Exploitation
• KEV Status: Not Listed (Monitoring)

Affected Systems

• aquasecurity/trivy
• aquasecurity/trivy-action
• aquasecurity/setup-trivy
• GitHub Actions Runner Environments
• aquasecurity/trivy: 0.69.4 (Fixed in: 0.69.2 (rollback))
• aquasecurity/trivy-action: 0.0.1 - 0.34.2 (Fixed in: 0.35.0)
• aquasecurity/setup-trivy: < 0.2.6 (Fixed in: 0.2.6 (re-tagged))

Mitigation Strategies

• Remove Trivy version 0.69.4 from all local caches and internal container registries.
• Pin all GitHub Actions dependencies to full, immutable SHA-256 commit hashes.
• Block outbound network traffic to the typosquatted domain 'scan.aquasecurtiy.org'.
• Transition authentication workflows to utilize OpenID Connect (OIDC) instead of static, long-lived secrets.

Remediation Steps:

1. Identify all GitHub Actions workflows utilizing 'aquasecurity/trivy-action' or 'aquasecurity/setup-trivy'.
2. Update the workflow definitions to reference the patched version (e.g., '0.35.0') or specific safe commit hashes.
3. Identify all secrets (cloud keys, tokens, passwords) exposed to runners that executed between March 19 and March 21, 2026.
4. Perform an immediate, atomic rotation of all identified secrets.
5. Audit all GitHub organizations for the presence of repositories matching the 'tpcp-docs-*' pattern.

References

• GitHub Advisory (GHSA-69fq-xp46-6x23)
• Aqua Security Discussion #10425
• The Hacker News: Trivy Hack Spreads Infostealer
• Phoenix Security Analysis of TeamPCP Weaponization

---

Read the full report for CVE-2026-33634 on our website for more details including interactive diagrams and full exploit analysis.