PT-2026-33842 · Spinnaker · Spinnaker
Published
2026-04-20
·
Updated
2026-04-20
·
CVE-2026-32604
CVSS v3.1
9.9
Critical
| AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain a patch. As a workaround, disable the gitrepo artifact types.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Spinnaker