Skip to main content

Trivy CVE-2026-55092

| EUVDEUVD-2026-39477 HIGH
Path Traversal (CWE-22)
2026-06-25 GitHub_M
7.0
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.0 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.1 HIGH

Remote attacker-controlled artifact fetched over the network with low complexity and no privileges, but the victim must run the scan (UI:R); arbitrary file write yields high integrity/availability impact and no confidentiality loss.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

2
Patch available
Jun 25, 2026 - 18:03 EUVD
Analysis Generated
Jun 25, 2026 - 17:20 vuln.today

DescriptionCVE.org

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a crafted annotation that resolves to a path outside the intended destination, causing Trivy to write the layer content to an arbitrary location on the host filesystem. This vulnerability is fixed in 0.71.1.

AnalysisAI

Arbitrary file write in Aqua Security's Trivy scanner (prior to 0.71.1) allows an attacker who can make Trivy fetch an attacker-controlled OCI artifact to write layer content anywhere on the host filesystem. Trivy trusts the org.opencontainers.image.title manifest annotation as the output filename without sanitization, so a crafted value containing path-traversal sequences escapes the intended download directory (CWE-22). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Publish crafted OCI artifact in registry
Delivery
Set malicious image.title traversal annotation
Exploit
Victim runs Trivy against artifact
Execution
Trivy writes layer to arbitrary path
Persist
Overwrite sensitive file or drop payload
Impact
Integrity/availability compromise or code execution

Vulnerability AssessmentAI

Exploitation Exploitation requires that an attacker can cause Trivy (a version prior to 0.71.1) to fetch an attacker-controlled OCI artifact - for example by hosting it in a registry the victim pulls from or by poisoning an artifact reference - and that the victim actively runs Trivy to download/scan that artifact (CVSS UI:A). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H) scores 7.0 and is internally consistent with the description: network-reachable artifact fetch, low complexity, no privileges, but Active user interaction (UI:A) because a victim must run Trivy against the malicious artifact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker publishes or compromises an OCI artifact in a registry and sets its org.opencontainers.image.title annotation to a value like ../../../../etc/cron.d/payload. A developer or CI job runs Trivy to pull and scan that artifact, and Trivy writes the layer content to the attacker-chosen path outside the intended directory, potentially overwriting a configuration file or dropping a file that leads to code execution. …
Remediation Vendor-released patch: upgrade Trivy to 0.71.1 or later, which adds validation of the OCI artifact destination path; this is the primary and recommended fix, documented in advisory GHSA-mcj4-mphf-j9ff (https://github.com/aquasecurity/trivy/security/advisories/GHSA-mcj4-mphf-j9ff). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Trivy deployments and document current versions in use. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important

Share

CVE-2026-55092 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy