Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Remote attacker-controlled artifact fetched over the network with low complexity and no privileges, but the victim must run the scan (UI:R); arbitrary file write yields high integrity/availability impact and no confidentiality loss.
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a crafted annotation that resolves to a path outside the intended destination, causing Trivy to write the layer content to an arbitrary location on the host filesystem. This vulnerability is fixed in 0.71.1.
AnalysisAI
Arbitrary file write in Aqua Security's Trivy scanner (prior to 0.71.1) allows an attacker who can make Trivy fetch an attacker-controlled OCI artifact to write layer content anywhere on the host filesystem. Trivy trusts the org.opencontainers.image.title manifest annotation as the output filename without sanitization, so a crafted value containing path-traversal sequences escapes the intended download directory (CWE-22). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that an attacker can cause Trivy (a version prior to 0.71.1) to fetch an attacker-controlled OCI artifact - for example by hosting it in a registry the victim pulls from or by poisoning an artifact reference - and that the victim actively runs Trivy to download/scan that artifact (CVSS UI:A). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H) scores 7.0 and is internally consistent with the description: network-reachable artifact fetch, low complexity, no privileges, but Active user interaction (UI:A) because a victim must run Trivy against the malicious artifact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker publishes or compromises an OCI artifact in a registry and sets its org.opencontainers.image.title annotation to a value like ../../../../etc/cron.d/payload. A developer or CI job runs Trivy to pull and scan that artifact, and Trivy writes the layer content to the attacker-chosen path outside the intended directory, potentially overwriting a configuration file or dropping a file that leads to code execution. … |
| Remediation | Vendor-released patch: upgrade Trivy to 0.71.1 or later, which adds validation of the OCI artifact destination path; this is the primary and recommended fix, documented in advisory GHSA-mcj4-mphf-j9ff (https://github.com/aquasecurity/trivy/security/advisories/GHSA-mcj4-mphf-j9ff). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Trivy deployments and document current versions in use. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allVendor StatusVendor
SUSE
Severity: ImportantShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39477