Vulnerabilities · HIGH

Vulnerabilities - CISA Adds Aquasecurity Trivy Flaw Alert

Security Affairs
CVE-2026-33634 · Aquasecurity · Trivy · CISA · GitHub Actions

🎯 Basically, a serious flaw was found in a security tool, and hackers used it to steal data.

Quick Summary

CISA has added a serious flaw in Aquasecurity's Trivy to its KEV catalog. Attackers exploited this vulnerability using compromised credentials. Organizations must take immediate action to secure their systems and mitigate risks.

The Flaw

On March 19, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified a significant flaw in Aquasecurity's Trivy, tracked as CVE-2026-33634. This vulnerability has a high CVSS score of 9.3, indicating its potential for severe impact. Attackers exploited this flaw by using compromised credentials to release a malicious version of Trivy, specifically version v0.69.4. This incident is part of a broader supply chain attack that began in late February, highlighting the ongoing risks associated with software vulnerabilities.

What's at Risk

The compromised version of Trivy allowed attackers to tamper with related GitHub Actions, turning these tools into mechanisms for stealing sensitive data. Several components were affected, including Trivy binaries, container images, and the GitHub Actions themselves. Organizations that utilized the compromised versions should consider their systems exposed, as attackers may have retained access even after credentials were rotated. The failure to rotate all credentials simultaneously is a critical oversight that allowed the attackers to exploit newly generated secrets.

Patch Status

CISA has ordered federal agencies to address this vulnerability by April 9, 2026. Safe versions of Trivy have been identified, but organizations must act quickly to mitigate risks. It is crucial for those who ran the compromised versions to remove affected artifacts, rotate all secrets, and review logs for any suspicious activity, particularly around the dates of March 19-20. Experts recommend that organizations pin GitHub Actions to immutable commit hashes instead of version tags to prevent similar issues in the future.
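The pinning advice above is easy to state and easy to get wrong across dozens of workflow files, so here is an added example (not from the Security Affairs article, and not Trivy's or Aqua Security's own tooling) of a small Python audit that walks a workflow's `uses:` references and reports anything not pinned to a 40-character commit SHA, along with any reference that appears on a known-bad list. The sample workflow, the action names, the placeholder SHA and the known-bad entry are constructed here; the only value taken from the article is the v0.69.4 version number, and treating `aquasecurity/trivy-action@v0.69.4` as the compromised reference is an assumption made for illustration rather than a claim from the page.

```python
import re
from typing import Dict, FrozenSet, List

# A full commit SHA is the only immutable reference a `uses:` line can carry;
# tags and branch names can be moved to point at new, possibly malicious, code.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "- uses: owner/repo@ref" and the un-dashed form used after "- name:".
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")

# Constructed known-bad list. In practice this would be populated from the
# vendor advisory; the action name here is an assumption, the version is the
# one the article names as the malicious Trivy release.
KNOWN_BAD_REFS: FrozenSet[str] = frozenset({"aquasecurity/trivy-action@v0.69.4"})

# Constructed sample workflow (not a real project's file). The SHA on the
# setup-go line is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - name: Run scanner
        uses: aquasecurity/trivy-action@v0.69.4
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""


def classify_ref(uses: str, known_bad: FrozenSet[str]) -> str:
    """Classify a single `uses:` value by how it is pinned."""
    if uses.startswith("./"):
        # Same-repository action: versioned together with the calling workflow.
        return "local"
    if uses.startswith("docker://"):
        # Container images are immutable only when pinned by digest.
        return "pinned" if "@sha256:" in uses else "mutable-image-tag"
    if uses in known_bad:
        return "known-bad"
    if "@" not in uses:
        # No ref at all resolves to the default branch, which moves constantly.
        return "missing-ref"
    _, ref = uses.rsplit("@", 1)
    return "pinned" if SHA_RE.match(ref) else "mutable-tag"


def audit_workflow(text: str, known_bad: FrozenSet[str] = frozenset()) -> List[Dict[str, object]]:
    """Return one finding per `uses:` line that is not safely pinned."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        uses = match.group(1)
        status = classify_ref(uses, known_bad)
        if status not in ("pinned", "local"):
            findings.append({"line": lineno, "uses": uses, "status": status})
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW, KNOWN_BAD_REFS):
        print(f"line {finding['line']}: {finding['status']:<18} {finding['uses']}")
```

A SHA pin only freezes which commit runs; it does not by itself tell you whether that commit was reviewed, so the usual practice is to keep a human-readable version in a trailing comment (as on the setup-go line) and to diff the pinned commit when a dependency-update bot proposes a new one. The known-bad list is the piece that maps directly onto an incident like this one: once the vendor publishes the affected tags and versions, a single run over every workflow in the organisation answers "did we ever reference them" without depending on log retention.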

Immediate Actions

Organizations are urged to review CISA's Known Exploited Vulnerabilities (KEV) catalog and take necessary steps to secure their infrastructure. This includes addressing the identified vulnerabilities to protect against potential attacks. The Binding Operational Directive (BOD) 22-01 mandates that federal agencies must comply with these recommendations to safeguard their networks. Private organizations should also take these vulnerabilities seriously and implement the recommended security measures to reduce risks associated with this critical flaw.

🔒 Pro insight: The exploitation of CVE-2026-33634 underscores the necessity of thorough credential management and timely updates in software supply chains.

Original article from Security Affairs · Pierluigi Paganini

Related Pings

HIGH · Vulnerabilities

Router Vulnerabilities - TP-Link Issues Critical Patches

TP-Link has patched four serious vulnerabilities in its Archer NX routers. Users need to update their firmware immediately to protect against potential exploits. Failure to do so could lead to unauthorized access and compromised networks.

SecurityWeek

HIGH · Vulnerabilities

Vulnerabilities - CISA Warns of Langflow RCE and Trivy Flaws

CISA has identified critical vulnerabilities in Langflow and Trivy, prompting immediate action from federal agencies. Exploitation is already underway, raising significant security concerns. Organizations must prioritize patching to mitigate risks and protect sensitive data.

Help Net Security

CRITICAL · Vulnerabilities

Vulnerabilities - Red Hat Warns of Malware in Linux Tool

Red Hat has issued a critical warning about malware in the xz compression tool. This vulnerability can allow unauthorized access to Linux systems. Users must act quickly to secure their environments and prevent breaches.

Cyber Security News

HIGH · Vulnerabilities

Vulnerabilities - CISA Flags Critical PTC Windchill Flaw

CISA has flagged a critical vulnerability in PTC's Windchill software. German police are actively warning organizations about the risks. With no patches available yet, the potential for exploitation is high, urging immediate action.

SecurityWeek

HIGH · Vulnerabilities

LangChain Vulnerabilities - Exposing Files and Secrets

Three critical vulnerabilities in LangChain and LangGraph could expose sensitive files and secrets. Millions of users are affected, and immediate patching is crucial to mitigate risks.

The Hacker News

HIGH · Vulnerabilities

Citrix NetScaler Vulnerabilities - Remote Attackers Can Exploit

Critical vulnerabilities in Citrix NetScaler appliances could allow remote attackers to leak sensitive information. Network admins must patch these flaws immediately to protect their systems. Failure to act could lead to serious data exposure risks.

Cyber Security News