PT-2026-27246 · Aqua Security · Trivy+2

Clundquist-Stripe · Published 2026-03-23 · Updated 2026-05-28 · CVE-2026-33634

CVSS v4.0: 9.4 Critical
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions

aquasecurity/trivy version 0.69.4
aquasecurity/trivy versions 0.69.5 through 0.69.6
aquasecurity/trivy-action versions 0.0.1 through 0.34.2
aquasecurity/setup-trivy versions 0.2.0 through 0.2.6
Description

A supply chain attack occurred in which a threat actor used compromised credentials to publish malicious versions of the Trivy security scanner and its associated GitHub Actions. The attacker published a malicious release of the Trivy binary and container image and force-pushed malicious commits to version tags of the aquasecurity/trivy-action and aquasecurity/setup-trivy actions.

The malicious code is an infostealer that runs before the legitimate scan. It dumps the memory of the Runner.Worker process via /proc/<pid>/mem and sweeps the filesystem for SSH keys, cloud credentials (AWS, GCP, Azure), Kubernetes tokens, Docker configurations, .env files, database credentials, and cryptocurrency wallets. The stolen data is encrypted with an AES-256-CBC/RSA-4096 hybrid scheme and transmitted to attacker-controlled infrastructure. If primary exfiltration fails and the INPUT GITHUB PAT variable is set, the malware creates a public repository named tpcp-docs on the victim's GitHub account and uploads the stolen data there.

This campaign has affected over 1,000 SaaS environments, including the European Commission's Europa platform on AWS.
Recommendations

Update aquasecurity/trivy to version 0.69.2 or 0.69.3.
Update aquasecurity/trivy-action to version 0.35.0, or use v-prefixed tags (e.g., v0.34.0) for versions older than 0.35.0.
Update aquasecurity/setup-trivy to version 0.2.6.
If a compromised version was executed, immediately rotate all secrets accessible to the affected pipelines.
Remove any affected artifacts of Trivy v0.69.4 from the environment.
Review workflow run logs from March 19–20, 2026, for any workflows using aquasecurity/trivy-action or aquasecurity/setup-trivy that referenced version tags instead of full commit SHAs.
Check for the presence of repositories named tpcp-docs in the GitHub organization.
Pin GitHub Actions to full, immutable commit SHA hashes instead of mutable version tags.
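The log review and tag-pinning recommendations above boil down to one question per workflow: does every Trivy action reference point at a full commit SHA, and if not, does its tag fall in the affected range? The following script is an added example for this advisory, not code from Aqua Security or from the advisory's publisher. It reads the affected ranges straight from the "Affected Versions" field, applies the advisory's v-prefix rule for trivy-action tags older than 0.35.0, and runs over a constructed sample workflow; the regex-based parsing of `uses:` lines and the status names are this example's own assumptions.

```python
"""Audit GitHub Actions workflow text for Trivy action references that this
advisory flags: mutable version tags instead of full commit SHAs, and tags
inside the affected ranges.

Added example for this advisory; not code from Aqua Security or from the
advisory's publisher. Affected version ranges and the v-prefix rule come
from the advisory text; the sample workflow below is constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges as listed in the advisory's "Affected Versions" field,
# inclusive on both ends.
AFFECTED: Dict[str, Tuple[Version, Version]] = {
    "aquasecurity/trivy-action": ((0, 0, 1), (0, 34, 2)),
    "aquasecurity/setup-trivy": ((0, 2, 0), (0, 2, 6)),
}

# A full 40-hex-digit commit SHA: the immutable pin the advisory recommends.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# `uses: owner/repo[/subpath]@ref`, with or without a leading list dash.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)(?:/[\w./-]+)?@(\S+)")
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(ref: str) -> Optional[Version]:
    """Turn '0.28.0' or 'v0.28.0' into a comparable tuple; None for branches/SHAs."""
    m = VERSION_RE.match(ref)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(action: str, ref: str) -> str:
    """Classify one action reference (status names are this example's own).

    'not-trivy'    not one of the actions in this advisory
    'pinned-sha'   full commit SHA (the recommended form)
    'affected-tag' tag inside the advisory's affected range
    'mutable-tag'  any other tag or branch name (outside the range, but still mutable)
    """
    if action not in AFFECTED:
        return "not-trivy"
    if SHA_RE.match(ref):
        return "pinned-sha"
    lo, hi = AFFECTED[action]
    version = parse_version(ref)
    if version is not None and lo <= version <= hi:
        # Advisory: for trivy-action older than 0.35.0 the v-prefixed tags
        # (e.g. v0.34.0) are the ones it recommends, so only bare tags are
        # reported as affected here.
        if action == "aquasecurity/trivy-action" and ref.startswith("v"):
            return "mutable-tag"
        return "affected-tag"
    return "mutable-tag"


def audit_workflow(text: str) -> List[Dict[str, object]]:
    """Return one finding per Trivy action reference found in workflow text."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if action not in AFFECTED:
            continue
        findings.append({"line": lineno, "action": action, "ref": ref,
                         "status": classify(action, ref)})
    return findings


# Constructed sample workflow covering each case.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@0.2.3
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: aquasecurity/trivy-action@v0.28.0
      - uses: aquasecurity/trivy-action@0.35.0
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']:>3}  {f['status']:<13} {f['action']}@{f['ref']}")
```

Run it over each file under .github/workflows to get a per-line list; any "affected-tag" result in a workflow that ran during the March 19–20, 2026 window is the case the advisory says warrants secret rotation, and every "mutable-tag" result is a reference that should be replaced by a full commit SHA regardless of version.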

Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

BDU:2026-03951
CVE-2026-33634
GHSA-69FQ-XP46-6X23
GHSA-955R-262C-33JC
GO-2026-4919
SUSE-SU-2026:1205-1

Affected Products

Trivy
Aquasecurity/Setup-Trivy
Aquasecurity/Trivy-Action