CVE-2026-26189
📋 TL;DR
A command injection vulnerability in aquasecurity/trivy-action GitHub Action versions 0.31.0-0.33.1 allows attackers to execute arbitrary commands on GitHub Actions runners. This occurs when user-controlled input containing shell metacharacters is passed to the action and gets evaluated during environment variable sourcing. Only workflows using vulnerable versions and passing untrusted input to the action are affected.
💻 Affected Systems
- aquasecurity/trivy-action
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of GitHub Actions runner with ability to steal secrets, modify repositories, deploy malicious code, and pivot to internal systems.
Likely Case
Unauthorized code execution within the runner environment, potentially exposing repository secrets and sensitive data.
If Mitigated
No impact if using the patched version or not passing untrusted input to the action.
🎯 Exploit Status
Exploitation requires control over input passed to the action, which could come from pull requests, workflow dispatch inputs, or other sources.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.34.0
Vendor Advisory: https://github.com/aquasecurity/trivy-action/security/advisories/GHSA-9p44-j4g5-cfx5
Restart Required: No
Instructions:
1. Update your workflow YAML to use `aquasecurity/trivy-action@v0.34.0` or later.
2. Replace any references to older versions.
3. Test the updated workflow.
🔧 Temporary Workarounds
Input sanitization
Validate and sanitize all inputs passed to trivy-action to remove shell metacharacters.
# Example using shell parameter expansion to remove dangerous chars
CLEAN_INPUT="${USER_INPUT//[^a-zA-Z0-9._-]/}"
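The expansion above strips characters; rejecting a bad value outright is safer than stripping it. As an added example (not code from the advisory or the trivy-action project), the script below puts a fail-closed validator next to the stripping form. The function names `validate_action_input` and `sanitize_action_input`, the allowlist, and the sample values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not code from the advisory or the trivy-action project.
# validate_action_input / sanitize_action_input and the sample values are
# constructed for illustration.

# Fail-closed check: accept only characters an image reference, path or scan
# target needs. Returns 0 when the value is acceptable, 1 otherwise.
validate_action_input() {
  local value="$1"
  case "$value" in
    "") return 1 ;;                     # empty input is rejected too
    *[!A-Za-z0-9._/:@-]*) return 1 ;;   # anything outside the allowlist
    *) return 0 ;;
  esac
}

# Lossy fallback in the spirit of the advisory's workaround: delete every
# character outside the allowlist. Prefer rejecting over stripping, because
# stripping can turn a malicious value into a different but valid-looking one.
sanitize_action_input() {
  printf '%s' "$1" | tr -cd 'A-Za-z0-9._/:@-'
}

# Stand-alone usage: ./check_input.sh "<value>" exits non-zero on a bad value.
if [ "$#" -gt 0 ]; then
  if validate_action_input "$1"; then
    printf 'accepted: %s\n' "$1"
  else
    printf 'rejected (stripped form would be: %s)\n' "$(sanitize_action_input "$1")" >&2
    exit 1
  fi
fi
```

Run the check in a `run:` step ahead of the action, passing the untrusted value through `env:` and reading it as `"$IMAGE_REF"` inside the script rather than interpolating `${{ ... }}` directly into the script text, so the value is handed to the shell as data instead of being spliced into a command line.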
Pin to safe version
Temporarily pin to version 0.30.0 or earlier until patching is possible.
# In your workflow YAML
uses: aquasecurity/trivy-action@v0.30.0
🧯 If You Can't Patch
- Remove or restrict untrusted inputs to trivy-action
- Implement strict input validation for all workflow inputs
🔍 How to Verify
Check if Vulnerable:
Check your workflow YAML for `aquasecurity/trivy-action` usage with version 0.31.0-0.33.1 and check whether any inputs come from untrusted sources.
Check Version:
grep -nE 'aquasecurity/trivy-action@v?0\.(3[12]\.[0-9]+|33\.[01])\b' *.yml *.yaml
Verify Fix Applied:
Confirm workflow uses `aquasecurity/trivy-action@v0.34.0` or later and test with sample malicious input containing shell metacharacters.
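The grep above flags pins by pattern; it cannot tell a branch or commit pin from a version, and a one-off regex is easy to get wrong. As an added example (not code from the advisory or the trivy-action project), the script below parses each `uses:` pin of trivy-action, classifies the version against the advisory's affected range (0.31.0 through 0.33.1) and fixed version (0.34.0), and reports refs it cannot judge. The function names and the sample workflow in the test are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not code from the advisory or the trivy-action project.
# Function names are constructed. Affected range per the advisory:
# 0.31.0 through 0.33.1; fixed in 0.34.0.

# Print vulnerable | fixed | unaffected | unknown for one version string.
# A leading "v" is accepted; branch names or commit SHAs report "unknown".
classify_trivy_action_version() {
  local v="${1#v}" major minor patch
  IFS=. read -r major minor patch <<EOF
$v
EOF
  minor="${minor:-0}"; patch="${patch:-0}"
  case "$major$minor$patch" in
    ""|*[!0-9]*) echo unknown; return ;;   # not a plain x.y.z version
  esac
  if [ "$major" -gt 0 ] || [ "$minor" -ge 34 ]; then
    echo fixed
  elif [ "$minor" -ge 31 ] && { [ "$minor" -lt 33 ] || [ "$patch" -le 1 ]; }; then
    echo vulnerable
  else
    echo unaffected    # 0.30.x and earlier, or a 0.33.x newer than .1
  fi
}

# Scan one workflow file; emit "<file>:<line>:<ref>:<status>" per trivy-action pin.
scan_workflow_for_trivy_action() {
  local file="$1" line_no=0 line ref
  while IFS= read -r line || [ -n "$line" ]; do
    line_no=$((line_no + 1))
    case "$line" in
      *uses:*aquasecurity/trivy-action@*)
        ref="${line##*aquasecurity/trivy-action@}"
        ref="${ref%%[[:space:]#]*}"    # drop a trailing comment or whitespace
        printf '%s:%s:%s:%s\n' "$file" "$line_no" "$ref" \
          "$(classify_trivy_action_version "$ref")"
        ;;
    esac
  done < "$file"
}

# Stand-alone usage: ./scan_pins.sh .github/workflows/*.yml
for f in "$@"; do
  scan_workflow_for_trivy_action "$f"
done
```

A pin reported as `unknown` (a branch name or commit SHA) needs a manual look at which release that ref resolves to; a floating branch pin also means the workflow may silently change behaviour, which is a reason to prefer version or SHA pins regardless of this advisory.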
📡 Detection & Monitoring
Log Indicators:
- Unexpected command execution in GitHub Actions logs
- Suspicious shell metacharacters in action inputs
- Unusual process execution from trivy-action
Network Indicators:
- Unexpected outbound connections from GitHub Actions runner
SIEM Query:
source="github-actions" AND "trivy-action" AND ("$(command)" OR "`command`" OR "; command")