CISA KEV · CVSS 9.5 · CVE-2026-33634

Trivy Supply Chain Compromise: CVE-2026-33634

Critical: Trivy supply chain was compromised. Malicious versions of Trivy, trivy-action, and setup-trivy were briefly available. Update immediately!


A threat actor compromised the Trivy supply chain, publishing malicious versions of the `trivy` binary/image, `aquasecurity/trivy-action`, and `aquasecurity/setup-trivy` GitHub Actions. Users who downloaded or used these components during the exposure window are at risk of credential theft and other malicious activity. Immediate action is required to update to safe versions and rotate potentially exposed secrets.

This CVE has a CVSS score of 9.5, indicating critical severity due to potential for complete system compromise.

What is github.com/aquasecurity/trivy?

Trivy (Go module `github.com/aquasecurity/trivy`) is a comprehensive vulnerability scanner. It helps developers and security teams identify vulnerabilities in software dependencies, operating system packages, and container images, and also reports misconfigurations and exposed secrets. Trivy supports a wide range of ecosystems and produces detailed reports on what it finds, which is why it is commonly run inside CI pipelines, often through the `trivy-action` GitHub Action, where it executes with access to the job's secrets.

CVE-2026-33634: Trivy Supply Chain Compromise

CVSS: 9.5

Affected versions:
  - `trivy` binaries: v0.69.4
  - `trivy` container images: v0.69.4, v0.69.5, v0.69.6
  - `trivy-action`: any tag prior to 0.35.0 (0.0.1 – 0.34.2) used to reference the action; additionally, any workflow that sets the action's `version: latest` input explicitly (it is not the default) during the trivy binary exposure window
  - `setup-trivy`: any reference pinned to a commit SHA prior to 2025-04-09, and any unpinned (tag or branch) reference used during the exposure window

Critical severity: complete system compromise is possible.

EPSS score of 20.84% indicates a significant probability of exploitation.

This vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog.

A threat actor gained unauthorized access to the Trivy release pipeline and published malicious versions of the `trivy` binary and container images, as well as the `aquasecurity/trivy-action` and `aquasecurity/setup-trivy` GitHub Actions. The malicious code injected into these components was designed to steal credentials and other sensitive information from affected systems.

How to fix CVE-2026-33634 in github.com/aquasecurity/trivy

Patch immediately
  1. Update Trivy to a safe version (v0.69.2 or v0.69.3 for binaries; v0.35.0 for trivy-action; v0.2.6 for setup-trivy).
  2. Rotate every secret that was available to a job or host that ran an affected version: CI secrets, cloud and registry credentials, SSH and signing keys, and personal access tokens.
  3. Audit the Trivy versions installed on CI runners and developer machines, and every `aquasecurity/trivy-action` and `aquasecurity/setup-trivy` reference in your workflows, against the affected-versions list above.
  4. Search your GitHub organizations and user accounts for exfiltration artifacts (e.g., repositories named `tpcp-docs`).
  5. Pin GitHub Actions to full commit SHA hashes instead of mutable tags.
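Steps 3 and 5 can be scripted. The following Go program is an added example written for this page, not code from the Trivy project: it scans the text of a GitHub workflow for `aquasecurity/trivy-action` and `aquasecurity/setup-trivy` references and classifies each one against the criteria in the affected-versions list (trivy-action tags 0.0.1 – 0.34.2, an explicit `version: latest` input, an unpinned setup-trivy reference, and a setup-trivy SHA pin whose commit date still has to be checked). The embedded workflow is a constructed sample, and the 40-character SHA in it is a placeholder rather than a real commit; in practice you would feed it the contents of each file under `.github/workflows/`.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Finding is one Trivy action reference in a workflow file. Issue is empty
// when the reference looks safe under the advisory's criteria.
type Finding struct {
	Line   int
	Action string // "trivy-action" or "setup-trivy"
	Ref    string // text after "@", or the offending "with:" input
	Issue  string
}

var (
	usesRe   = regexp.MustCompile(`uses:\s*aquasecurity/(trivy-action|setup-trivy)@([^\s#]+)`)
	shaRe    = regexp.MustCompile(`^[0-9a-f]{40}$`)
	latestRe = regexp.MustCompile(`^\s*version:\s*["']?latest["']?\s*$`)
	stepRe   = regexp.MustCompile(`^\s*-\s`) // start of a new step
)

// versionKey maps "v0.34.2" or "0.34.2" to a sortable int (0.34.2 -> 34002);
// ok is false for refs that are not three-part numeric tags (e.g. "master").
func versionKey(tag string) (key int, ok bool) {
	for _, f := range strings.Split(strings.TrimPrefix(tag, "v"), ".") {
		n, err := strconv.Atoi(f)
		if err != nil || n < 0 || n > 999 {
			return 0, false
		}
		key = key*1000 + n
	}
	return key, strings.Count(tag, ".") == 2
}

// inAffectedActionRange reports whether a trivy-action tag lies in 0.0.1 – 0.34.2.
func inAffectedActionRange(tag string) bool {
	k, ok := versionKey(tag)
	return ok && k >= 1 && k <= 34002
}

// AuditWorkflow scans one workflow's text and reports every trivy-action or
// setup-trivy reference, plus any explicit "version: latest" input under a
// trivy-action step (the default is not flagged).
func AuditWorkflow(yaml string) []Finding {
	var out []Finding
	inTrivyAction := false
	for i, line := range strings.Split(yaml, "\n") {
		if m := usesRe.FindStringSubmatch(line); m != nil {
			action, ref := m[1], m[2]
			f := Finding{Line: i + 1, Action: action, Ref: ref}
			switch {
			case action == "trivy-action" && shaRe.MatchString(ref):
				// full commit SHA: immune to tag retargeting, nothing to report
			case action == "trivy-action" && inAffectedActionRange(ref):
				f.Issue = "tag in affected range 0.0.1-0.34.2: move to 0.35.0 and pin its commit SHA"
			case action == "trivy-action":
				f.Issue = "mutable ref: pin the full commit SHA of a safe release"
			case shaRe.MatchString(ref):
				f.Issue = "setup-trivy SHA pin: confirm the commit is not prior to 2025-04-09"
			default:
				f.Issue = "unpinned setup-trivy: update to v0.2.6 and pin its commit SHA"
			}
			out = append(out, f)
			inTrivyAction = action == "trivy-action"
			continue
		}
		if stepRe.MatchString(line) {
			inTrivyAction = false
		}
		if inTrivyAction && latestRe.MatchString(line) {
			out = append(out, Finding{Line: i + 1, Action: "trivy-action", Ref: "with.version=latest",
				Issue: "explicit version: latest fetches the newest trivy binary: pin a safe version"})
		}
	}
	return out
}

// Constructed sample workflow for this example (not from any real repository);
// the 40-hex SHA is a placeholder, not a real trivy-action commit.
const sampleWorkflow = `steps:
  - uses: actions/checkout@v4
  - name: Install Trivy (unpinned tag)
    uses: aquasecurity/setup-trivy@v0.2.5
  - name: Scan (tag in affected range)
    uses: aquasecurity/trivy-action@0.28.0
  - name: Scan (safe tag, but mutable, with explicit latest)
    uses: aquasecurity/trivy-action@0.35.0
    with:
      version: latest
  - name: Scan (SHA-pinned)
    uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567 # 0.35.0
`

func main() {
	for _, f := range AuditWorkflow(sampleWorkflow) {
		fmt.Printf("line %2d  %-12s %-44s %s\n", f.Line, f.Action, f.Ref, f.Issue)
	}
}
```

Run it with `go run audit.go` (file name assumed). A SHA-pinned `trivy-action` reference prints an empty issue column; every other row names the remediation. The scan is deliberately line-oriented so it needs no YAML library, which also means it only recognises `uses:` and `version:` written one per line, as workflow files normally are.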
Update Trivy

Install a listed safe version explicitly rather than whatever `@latest` resolves to, then confirm which binary is actually on the PATH:

go install github.com/aquasecurity/trivy/cmd/trivy@v0.69.3
trivy --version

Verify with:

# Download binary and sigstore bundle
curl -sLO "https://github.com/aquasecurity/trivy/releases/download/v0.69.2/trivy_0.69.2_Linux-64bit.tar.gz"
curl -sLO "https://github.com/aquasecurity/trivy/releases/download/v0.69.2/trivy_0.69.2_Linux-64bit.tar.gz.sigstore.json"

# Verify signature
cosign verify-blob \
  --certificate-identity-regexp 'https://github\.com/aquasecurity/' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --bundle trivy_0.69.2_Linux-64bit.tar.gz.sigstore.json \
  trivy_0.69.2_Linux-64bit.tar.gz

A passing check proves the archive was signed by a GitHub Actions workflow in the aquasecurity organization and has not been altered since. Because the attacker had access to the release pipeline itself, the signature alone does not establish that a release is clean: also confirm that the version you downloaded is one listed as safe above and not v0.69.4, and treat any archive whose check fails as hostile.

Workaround: reference GitHub Actions by full 40-character commit SHA rather than by tag. Tags are mutable and were repointed at malicious commits in this incident; a commit SHA cannot be changed after the fact. Keep the human-readable version in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<sha> # 0.35.0`, so dependency-update tooling can still bump it. A SHA pin is only as safe as the commit it names: per the affected-versions list, `setup-trivy` pinned to a commit prior to 2025-04-09 is still affected, and an explicit `version: latest` input on `trivy-action` fetches the newest trivy binary regardless of how the action itself is pinned.

NextGuard automatically flags CVE-2026-33634 if github.com/aquasecurity/trivy appears in any of your monitored projects — no manual lookup required.

Stay ahead of go vulnerabilities

Proactively detect and respond to supply chain attacks by using a comprehensive monitoring solution. NextGuard helps you monitor your go dependencies for known vulnerabilities and suspicious activity.

Compare Plans

Frequently asked questions

The Trivy supply chain compromise highlights the importance of proactive security measures and dependency monitoring. Stay vigilant and ensure your systems are protected against emerging threats. You can see all go vulnerabilities on our platform.

Related topics

Supply Chain Security · Vulnerability Scanning · GitHub Actions · Credential Theft · Dependency Management