HIGHVulnerability
Verified
Global
CISA KEV: Aquasecurity Trivy — Aquasecurity Trivy Embedded Malicious Code Vulnerability
Thursday, March 26, 2026 at 12:00 AM UTC·Source: CISA KEV
Updated: Wednesday, April 1, 2026 at 07:13 PM UTC
Executive Summary
Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory.
Analysis
Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory.
Added to CISA Known Exploited Vulnerabilities catalog on 2026-03-26. Remediation due: 2026-04-09.