Trivy Action

Product: 1 CVE

CVE-2026-26189 MEDIUM PATCH This Month

Trivy Action versions 0.31.0 through 0.33.1 allow remote code execution on GitHub Actions runners due to insufficient input sanitization when constructing shell environment variable exports. An attacker with repository access can inject shell metacharacters through action inputs to achieve arbitrary command execution in the runner context. The vulnerability requires high privileges to exploit and is addressed in version 0.34.0.

Tags: Docker, Github, Command Injection, Trivy Action
References: NVD, GitHub
CVSS 3.1: 5.9
EPSS: 0.1%