[CDP-development] TLP:GREEN (Vulnerability Alert Notification) CVE-2026-33634: Aqua Security Trivy · Embedded Malicious Code Vulnerability

Steve J Ketchum Steve.J.KETCHUM at das.oregon.gov
Thu Mar 26 13:09:33 PDT 2026 

Good morning,

The SOC Services team is reporting on a critical supply chain vulnerability, CVE-2026-33634, affecting Aqua Security Trivy and its associated GitHub Actions. Because of evidence of active exploitation by a threat actor known as "TeamPCP," we are providing this in-depth information.

History: On March 19, 2026, it was reported that a threat actor used compromised credentials to inject credential-stealing malware into official Trivy releases. This incident is a continuation of a supply chain attack that began in late February 2026. The CVSS v4.0 base score is 9.4 (Critical) by GitHub. As of March 26, 2026, A CVSSv3 score has not currently been assessed or assigned

Affected Versions:


  *   aquasecurity/trivy (Go / Container image): Version 0.69.4, 0.69.5, and 0.69.6.
  *   aquasecurity/trivy-action (GitHub Action): Versions 0.0.1 through 0.34.2 (specifically 76 out of 77 version tags were hijacked).
  *   aquasecurity/setup-trivy (GitHub Action): Versions 0.2.0 through 0.2.6 (all 7 tags were replaced with malicious commits).

Fixed Versions:


  *   trivy binary: Versions 0.69.2 and 0.69.3 are known safe; ensure you are not on the compromised 0.69.4–0.69.6 branch.
  *   trivy-action: Version 0.35.0.
  *   setup-trivy: Version 0.2.6 (recreated with a safe commit).

A threat actor force-pushed malicious commits to trusted version tags, allowing for the execution of a credential harvester during legitimate security scans.

Vendor Advisory: GitHub Advisory GHSA-69fq-xp46-6x23<https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23>

Intelligence: On March 26, 2026, CISA confirmed and added this vulnerability to the Known Exploited Vulnerabilities (KEV) Catalog.

    Exploitability Level: Low Complexity, Network Exploitability
    Complexity: Low
    User Interaction: None (triggered by automated CI/CD workflows)
    Remotely Exploitable: Yes
    Proof of Concept: Published/Active
    Zero Day: No (discovered during active exploitation)

Workarounds: Pin GitHub Actions to full, immutable commit SHA hashes rather than using mutable version tags.

How it Works: The attacker leveraged compromised credentials to reassign mutable Git tags to malicious commits. When a CI/CD pipeline pulls the "latest" or a specific version tag (e.g., @v0.34.0), it executes a malicious entrypoint.sh that steals environment secrets (like GitHub PATs) and exfiltrates them to a typosquatted domain (scan[.]aquasecurtiy[.]org) before running the actual scan.

Post-Exploit Impact:


  *   Credential Theft: Exfiltration of all secrets accessible to the CI/CD pipeline.
  *   Supply Chain Poisoning: Use of stolen credentials to further compromise downstream repositories.

Indicators of Compromise (IoCs):

Type
Value
Description/Notes
Domain
scan[.]aquasecurtiy[.]org
Typosquatted exfiltration endpoint
IP Address
45.148.10.212
C2 server located in Amsterdam
Repository
tpcp-docs
Public repo created in victim orgs as a fallback exfiltration channel

Tenable Plugins: As of March 26, 2026, there has not been any release of Tenable plugins or plugins currently in their pipeline.

Recommended Actions:

Date Added to KEV Catalog: March 26, 2026
Due Date for Remediation: April 16, 2026 (standard 3-week KEV window)


  *   Rotate all secrets (tokens, passwords, keys) that were accessible to any pipeline that ran a compromised Trivy version between March 19–22, 2026.
  *   Audit GitHub Organizations for the presence of a repository named tpcp-docs, which indicates successful data exfiltration.
  *   Verify host has not been compromised before applying patches.
  *   Apply appropriate updates provided by the vendor to vulnerable systems after testing.
  *   Run all software as a non-privileged user to reduce the impact of a successful attack.
  *   Apply the Principle of Least Privilege to all systems and services.

Steve Ketchum, CISSP
Security Analyst II
Enterprise Information Services
Cyber Security Services | CSS
PH: (971) 707-1693 |SOC Hotline: (503) 378-5930
[cid:image001.png at 01DCBD1E.A5447D70] [cid:image002.png at 01DCBD1E.A5447D70]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20260326/0e4d9da9/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 26805 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20260326/0e4d9da9/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 32625 bytes
Desc: image002.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20260326/0e4d9da9/attachment-0003.png>

More information about the CDP-development mailing list