CISA has added a critical vulnerability, CVE-2026-33634, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability affects Aqua Security Trivy, a popular open-source security scanner, and involves the presence of embedded malicious code.
Because this vulnerability has been identified as a pathway for malicious cyber actors and carries significant risk to the federal enterprise—and by extension, all organizations relying on containerized environments—immediate action is required.
Introduction
Security tools are supposed to protect us, but when a security tool itself is compromised, the risk is amplified. CVE-2026-33634 is a stark reminder of the dangers inherent in the software supply chain. By embedding malicious code within Aqua Security Trivy, attackers can turn a trusted vulnerability scanner into a weaponized foothold within your environment.
For defenders, this means that the very processes you rely on to identify vulnerabilities could be introducing them. Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate this issue by the due date. However, due to the active exploitation status, private sector organizations should treat this with equal urgency.
Technical Analysis
- CVE ID: CVE-2026-33634
- Affected Product: Aqua Security Trivy
- Vulnerability Type: Embedded Malicious Code (Supply Chain)
- Status: Actively Exploited
This vulnerability stems from a compromise where malicious code was embedded within the Trivy application or its dependencies. This allows an attacker to execute arbitrary commands on the system running the scanner. Since Trivy often runs with elevated privileges to scan container filesystems and registries, the potential impact includes:
- Lateral Movement: The malicious code can be used to pivot to other hosts or containers.
- Credential Theft: Accessing secrets or environment variables scanned by the tool.
- Data Exfiltration: Establishing covert communication channels to external command and control (C2) servers.
Defensive Monitoring
To detect exploitation attempts or the presence of the malicious variant of Trivy, security teams should implement the following detection rules and hunts.
SIGMA Rules
The following SIGMA rules help identify suspicious behavior associated with the compromised Trivy binary, such as unexpected network connections or spawning unauthorized shells.
```yaml
title: Trivy Scanner Establishing Suspicious Network Connection
id: 8c4f2e1a-5b3d-4c9e-8f1a-2b3c4d5e6f7a
status: experimental
description: Detects Aqua Security Trivy establishing network connections to non-standard ports or unusual destinations, potentially indicating C2 activity from embedded malicious code.
references:
  - https://www.cisa.gov/news-events/alerts/2026/03/26/cisa-adds-one-known-exploited-vulnerability-catalog
author: Security Arsenal
date: 2026/03/29
tags:
  - attack.command_and_control
  - attack.t1071.001
logsource:
  category: network_connection
  product: linux
detection:
  selection:
    Image|endswith: '/trivy'
  # Sigma has no "|not" modifier; the expected ports are excluded with a filter
  filter_expected_ports:
    DestinationPort:
      - 443
      - 80
  condition: selection and not filter_expected_ports
falsepositives:
  - Legitimate connections to internal registries on non-standard ports
level: high
```

```yaml
title: Trivy Spawning Unauthorized Shell Processes
id: 9d5g3f2b-6c4e-5d0f-9g2b-3c4d5e6f7a8b
status: experimental
description: Detects the Aqua Security Trivy process spawning shell processes like bash or sh, which is atypical behavior for a scanner and indicative of code execution exploitation.
references:
  - https://attack.mitre.org/techniques/T1059/
author: Security Arsenal
date: 2026/03/29
tags:
  - attack.execution
  - attack.t1059.004
logsource:
  category: process_creation
  product: linux
detection:
  selection:
    ParentImage|endswith: '/trivy'
    Image|endswith:
      - '/bash'
      - '/sh'
      - '/zsh'
  condition: selection
falsepositives:
  - Unknown (Low likelihood of legitimate shell spawning by Trivy)
level: critical
```
KQL Queries
For Microsoft Sentinel or Defender for Cloud environments, use the following KQL to hunt for suspicious Trivy activity.
```kql
// Hunt for Trivy process creation and child processes
DeviceProcessEvents
| where InitiatingProcessFileName =~ "trivy"
| where FileName in~ ("bash", "sh", "zsh", "nc", "curl", "wget")
| project Timestamp, DeviceName, InitiatingProcessCommandLine, FileName, CommandLine, SHA256
| order by Timestamp desc
```

```kql
// Hunt for Trivy network connections to non-standard endpoints
DeviceNetworkEvents
| where InitiatingProcessFileName =~ "trivy"
| where RemotePort !in (443, 80)
| project Timestamp, DeviceName, InitiatingProcessCommandLine, RemoteUrl, RemoteIP, RemotePort
| order by Timestamp desc
```
Velociraptor VQL
Velociraptor can be used to hunt for the specific malicious behavior on endpoints. The following artifact hunts for Trivy processes and their children.
```vql
// Hunt for Trivy processes and list any children that are shells or download
// tools, which a scanner has no reason to spawn. pslist() returns no Children
// column, so children are found by matching their Ppid against the Trivy Pid.
SELECT * FROM foreach(
  row={
    SELECT Pid AS ParentPid, Name AS ParentName, Exe AS ParentExe
    FROM pslist()
    WHERE Name =~ "trivy"
  },
  query={
    SELECT ParentPid, ParentName, ParentExe,
           Pid AS ChildPid, Name AS ChildName, CommandLine AS ChildCommandLine
    FROM pslist()
    WHERE Ppid = ParentPid
      AND Name =~ "^(sh|bash|zsh|curl|wget|nc)$"
  }
)
```
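The same two detections expressed as plain Python, added here as an example that is not part of the advisory, the Sigma/KQL/VQL content above, or Aqua Security's code. It applies the logic of the Sigma rules (and of the KQL and VQL hunts, which look for the same two behaviours) to Sysmon-style event dicts and adds the allow-list for internal registries that the first rule's false-positive note calls for. Field names follow the Sigma rules (Image, ParentImage, DestinationPort, DestinationIp); every event, address and allow-list entry below is constructed for the example, not real telemetry.

```python
# Added example (not from the advisory): the two Sigma rules as Python over
# Sysmon-style event dicts. All events and addresses below are constructed.
from typing import Iterable

SHELL_SUFFIXES = ("/bash", "/sh", "/zsh")   # Image|endswith list of rule 2
EXPECTED_PORTS = frozenset({80, 443})       # ports rule 1 treats as normal


def rule_unauthorized_shell(event: dict) -> bool:
    """Rule 2: parent image ends in /trivy and the child image is a shell."""
    if event.get("category") != "process_creation":
        return False
    parent = event.get("ParentImage", "")
    image = event.get("Image", "")
    # The leading slash matters: '/opt/ci/trivy-wrapper' does not end with
    # '/trivy', and '/usr/bin/ssh' does not end with '/sh'.
    return parent.endswith("/trivy") and image.endswith(SHELL_SUFFIXES)


def rule_suspicious_network(event: dict, allowed: frozenset = frozenset()) -> bool:
    """Rule 1: trivy connecting to a port other than 80/443, minus an
    allow-list of (ip, port) pairs for known internal registries."""
    if event.get("category") != "network_connection":
        return False
    if not event.get("Image", "").endswith("/trivy"):
        return False
    port = event.get("DestinationPort")
    if not isinstance(port, int):
        return False  # malformed event: nothing to judge, so no alert
    if port in EXPECTED_PORTS:
        return False
    return (event.get("DestinationIp"), port) not in allowed


def evaluate(events: Iterable[dict], allowed: frozenset = frozenset()) -> list:
    """Return (level, rule title, event) tuples in event order."""
    alerts = []
    for event in events:
        if rule_unauthorized_shell(event):
            alerts.append(("critical", "Trivy Spawning Unauthorized Shell Processes", event))
        if rule_suspicious_network(event, allowed):
            alerts.append(("high", "Trivy Scanner Establishing Suspicious Network Connection", event))
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # normal: trivy pulls an image over TLS
    {"category": "network_connection", "Image": "/usr/local/bin/trivy",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    # internal registry on a non-standard port (allow-listed below)
    {"category": "network_connection", "Image": "/usr/local/bin/trivy",
     "DestinationIp": "10.0.0.5", "DestinationPort": 5000},
    # suspicious: trivy to an unknown host on an unexpected port
    {"category": "network_connection", "Image": "/usr/local/bin/trivy",
     "DestinationIp": "198.51.100.7", "DestinationPort": 4444},
    # normal: trivy runs a non-shell helper
    {"category": "process_creation", "ParentImage": "/usr/local/bin/trivy",
     "Image": "/usr/bin/git", "CommandLine": "git --version"},
    # suspicious: trivy spawns a shell
    {"category": "process_creation", "ParentImage": "/usr/local/bin/trivy",
     "Image": "/bin/sh", "CommandLine": "sh -c uname"},
    # not trivy: a CI wrapper script whose name merely contains "trivy"
    {"category": "process_creation", "ParentImage": "/opt/ci/trivy-wrapper",
     "Image": "/bin/bash", "CommandLine": "bash -c 'trivy image app:latest'"},
    # not trivy: curl on the same host, outside rule 1's scope
    {"category": "network_connection", "Image": "/usr/bin/curl",
     "DestinationIp": "198.51.100.7", "DestinationPort": 8080},
]
INTERNAL_REGISTRIES = frozenset({("10.0.0.5", 5000)})  # constructed allow-list


if __name__ == "__main__":
    for level, title, event in evaluate(SAMPLE_EVENTS, INTERNAL_REGISTRIES):
        print(f"[{level}] {title}: {event}")
```

With the allow-list applied the run yields two alerts (the port 4444 connection and the shell spawn); without it the registry connection on port 5000 is a third, which is exactly the false positive the Sigma rule documents.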
Remediation and Verification
**PowerShell (Windows Environments):**

```powershell
# Check installed Trivy version (if managed via Chocolatey or similar)
# This requires appropriate package manager tools installed
# Chocolatey 2.x lists installed packages by default and no longer needs --local-only
choco list --local-only trivy
```
**Bash (Linux/Container Environments):**

```bash
# Check current Trivy version
trivy --version

# Verify the integrity of the Trivy binary (Example: checking sha256sum)
# Replace <expected_hash> with the hash provided by Aqua Security release notes
download_url="https://github.com/aquasecurity/trivy/releases/download/v0.50.0/trivy_0.50.0_Linux-64bit.tar.gz"
expected_hash="<expected_hash>"
curl -fsSL "$download_url" -o /tmp/trivy.tar.gz
# sha256sum -c expects "<hash>  <file>" (two spaces) and exits non-zero on a mismatch
echo "$expected_hash  /tmp/trivy.tar.gz" | sha256sum -c - || { echo "checksum mismatch: do not install"; exit 1; }
```
Remediation Steps
- Update Immediately: Upgrade Aqua Security Trivy to the latest patched version immediately. Refer to the official Aqua Security advisory for the specific safe version.
- Verify Integrity: After updating, verify the checksum of the downloaded binary to ensure it has not been tampered with during the download process.
- Audit Logs: Review logs for any instances where Trivy spawned unauthorized processes or connected to unknown external IPs during the window of vulnerability.
- Scan for Persistence: Use a known-good scanner to re-scan your environment to ensure no backdoors were established by the malicious code.
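The Verify Integrity step, carried out in Python as an added example that is not part of the advisory or of Aqua Security's tooling. It parses a checksums file in the same line format `sha256sum -c` reads, compares the digest in constant time, and distinguishes a mismatch from an artifact the file never lists, which must also be treated as a failure. The archive name reuses the release on the page; the checksum text and payloads are constructed, so replace them with the real release file when using this.

```python
# Added example (not from the advisory): verify a downloaded release archive
# against a checksums file. Checksum text and payloads below are constructed.
import hashlib
import hmac
import string
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_checksums(text: str) -> dict:
    """Parse '<hex>  <name>' or '<hex> *<name>' lines (GNU coreutils format)."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if (len(parts) != 2 or len(parts[0]) != 64
                or any(c not in string.hexdigits for c in parts[0])):
            raise ValueError(f"malformed checksum line {lineno}: {raw!r}")
        digest, name = parts
        entries[name.lstrip("*")] = digest.lower()
    return entries


def verify_bytes(data: bytes, name: str, checksums_text: str) -> str:
    """Return 'OK', 'MISMATCH', or 'MISSING' (name not listed at all).
    Only 'OK' means the artifact may be installed."""
    expected = parse_checksums(checksums_text).get(name)
    if expected is None:
        return "MISSING"
    actual = sha256_bytes(data)
    return "OK" if hmac.compare_digest(actual, expected) else "MISMATCH"


def verify_file(path: Path, checksums_text: str) -> str:
    """Same check for a file on disk, keyed by its basename as checksums files are."""
    return verify_bytes(path.read_bytes(), path.name, checksums_text)


# Constructed demo data: a stand-in payload and a checksums line built from it.
ARCHIVE_NAME = "trivy_0.50.0_Linux-64bit.tar.gz"
GOOD_PAYLOAD = b"abc"
CONSTRUCTED_CHECKSUMS = f"{sha256_bytes(GOOD_PAYLOAD)}  {ARCHIVE_NAME}\n"


if __name__ == "__main__":
    print("intact  :", verify_bytes(GOOD_PAYLOAD, ARCHIVE_NAME, CONSTRUCTED_CHECKSUMS))
    print("tampered:", verify_bytes(b"abd", ARCHIVE_NAME, CONSTRUCTED_CHECKSUMS))
    print("unlisted:", verify_bytes(GOOD_PAYLOAD, "other.tar.gz", CONSTRUCTED_CHECKSUMS))
```

The three-way result matters operationally: an automated pipeline that treats anything other than `OK` as "stop and alert" cannot be talked into installing an archive by a checksums file that simply omits it.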