HIGHVulnerability
Verified
Global
CISA KEV: Aquasecurity Trivy — Aquasecurity Trivy Embedded Malicious Code Vulnerability
·Source: CISA KEV
Updated:
Executive Summary
Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory.
Analysis
Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory. Added to CISA Known Exploited Vulnerabilities catalog on 2026-03-26. Remediation due: 2026-04-09.