CVE-2026-26189
Command Injection in Trivy GitHub Action Allows Remote Code Execution
Publication date: 2026-02-19
Last updated on: 2026-02-26
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aquasec | trivy_action | From 0.31.0 (inc) to 0.34.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the aquasecurity/trivy-action versions 0.31.0 through 0.33.1, which is a GitHub action used to scan Docker container images for vulnerabilities. The issue arises because the action improperly handles user inputs when exporting environment variables by writing lines like 'export VAR=<input>' to a file called trivy_envs.txt without proper shell escaping.
When this file is sourced in the entrypoint.sh script, any attacker-controlled input containing shell metacharacters (such as $(...), backticks, or other command substitution syntax) can be executed as arbitrary commands within the GitHub Actions runner environment.
This means that if a malicious actor can supply input to the action, they can execute arbitrary commands on the runner. The vulnerability is fixed in version 0.34.0 by properly escaping shell values or removing the vulnerable sourcing pattern.
How can this vulnerability impact me?
This vulnerability can lead to arbitrary command execution within the GitHub Actions runner context if an attacker can supply malicious input to the vulnerable action inputs.
Such command execution could allow an attacker to run unauthorized commands, potentially leading to compromise of the build environment, exposure or modification of sensitive data, or disruption of the CI/CD pipeline.
However, exploitation requires that the workflow passes attacker-controlled data into the action inputs and that the vulnerable version of the action is used.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reviewing the versions of the aquasecurity/trivy-action used in your GitHub workflows. Specifically, versions 0.31.0 through 0.33.1 are vulnerable.
You can check your GitHub Actions workflow files for usage of the vulnerable versions and inspect if any user-controlled inputs are passed to the action inputs that are written to trivy_envs.txt.
Since the vulnerability involves command injection via environment variable exports in trivy_envs.txt, you can look for suspicious or unexpected shell metacharacters in these inputs.
There are no specific commands provided in the context to detect this vulnerability on your system or network.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the aquasecurity/trivy-action to version 0.34.0 or later, which contains a patch that properly escapes shell values and eliminates the vulnerable source pattern.
Additionally, review your workflows to ensure that no attacker-controlled data is passed into the action inputs that are written to trivy_envs.txt.
If upgrading immediately is not possible, avoid passing untrusted or user-controlled inputs to the vulnerable action inputs.
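The Q&A above describes the root cause (values written as `export VAR=<input>` into trivy_envs.txt and later sourced) and suggests looking for shell metacharacters in action inputs. The following added example, which is not code from the trivy-action project, shows a hardened writer for that pattern: it validates the variable name and single-quotes the value so that sourcing the file assigns the literal string, plus a small flagging helper for inputs that contain metacharacters. The function names, the `TRIVY_TEST` variable and the sample values are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not the trivy-action project's code): a safe way to persist
# an `export NAME=VALUE` line that will later be sourced by a shell script.

# Return 0 when a value contains characters that would change the meaning of
# an unquoted `export NAME=VALUE` line once the file is sourced.
nl=$(printf '\nx'); nl=${nl%x}
has_shell_meta() {
  case $1 in
    *'$('*|*'`'*|*'${'*|*';'*|*'|'*|*'&'*|*'>'*|*'<'*|*"$nl"*) return 0 ;;
  esac
  return 1
}

# write_env_safe NAME VALUE FILE
# Appends  export NAME='VALUE'  to FILE. The name must be a valid shell
# identifier; the value is single-quoted and every embedded single quote
# becomes '\'' so no command substitution can run when FILE is sourced.
write_env_safe() {
  name=$1; value=$2; file=$3
  case $name in
    ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid variable name: $name" >&2; return 1 ;;
  esac
  # sed keeps embedded newlines (a single-quoted string may span lines);
  # only trailing newlines are dropped by the command substitution.
  escaped=$(printf '%s' "$value" | sed "s/'/'\\\\''/g")
  printf "export %s='%s'\n" "$name" "$escaped" >> "$file"
}

# env_roundtrip NAME VALUE
# Writes the pair to a temporary file, sources it the way entrypoint.sh would,
# and returns 0 only if NAME holds exactly the original VALUE afterwards.
env_roundtrip() {
  tmp=$(mktemp) || return 1
  if ! write_env_safe "$1" "$2" "$tmp"; then rm -f "$tmp"; return 1; fi
  . "$tmp"
  rm -f "$tmp"
  eval "got=\$$1"
  [ "$got" = "$2" ]
}
```

A value such as `a $(id) b` flagged by `has_shell_meta` still round-trips as a literal string through `write_env_safe`, which is the property the 0.34.0 fix restores.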