CVE-2026-26189

Name of the Vulnerable Software and Affected Versions aquasecurity/trivy-action versions 0.31.0 through 0.33.1

Description A command injection issue exists in aquasecurity/trivy-action due to insufficient handling of action inputs when exporting environment variables. The action creates export VAR=<input> lines in trivy envs.txt based on user-supplied inputs and then sources this file in entrypoint.sh. Because input values are written without proper shell escaping, attacker-controlled input containing shell metacharacters like $(...) or backticks can be evaluated during the sourcing process, potentially leading to arbitrary command execution within the GitHub Actions runner context. The vulnerability is exploitable when a workflow passes attacker-controlled data into any action input that is written to trivy envs.txt. A representative exploitation pattern involves incorporating untrusted pull request metadata into an action parameter. For example, if the pull request title contains shell syntax, it may be executed when the generated environment file is sourced. The set env var if provided function in action.yaml writes unescaped export lines, and entrypoint.sh sources ./trivy envs.txt.

Recommendations Upgrade to version 0.34.0 or later. Workflows that pass attacker-controlled data into trivy-action inputs should be avoided. If upgrading is not immediately possible, eliminate the source ./trivy envs.txt pattern.