PT-2026-33842 · Spinnaker · Spinnaker

Published

2026-04-20

Updated

2026-05-06

CVE-2026-32604

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.1 Spinnaker versions prior to 2025.4.2 Spinnaker versions prior to 2025.3.2

Description An issue in the clouddriver pods allows a bad actor to execute arbitrary commands. This could lead to the exposure of credentials, removal of files, or the injection of resources.

Recommendations Update to version 2026.1.0. Update to version 2026.0.1. Update to version 2025.4.2. Update to version 2025.3.2. As a temporary workaround, disable the gitrepo artifact types.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2026-32604

GHSA-X3J7-7PGJ-H87R

Affected Products

Spinnaker

PT-2026-33842 · Spinnaker · Spinnaker

CVE-2026-32604

Weakness Enumeration

Related Identifiers

Affected Products

References · 25