CVE-2026-32604
Command Injection in Spinnaker Clouddriver Pods Enables Credential Exposure
Publication date: 2026-04-20
Last updated on: 2026-04-23
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | spinnaker | to 2025.3.2 (exc) |
| linuxfoundation | spinnaker | From 2025.4.0 (inc) to 2025.4.2 (exc) |
| linuxfoundation | spinnaker | From 2026.0.0 (inc) to 2026.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Spinnaker, an open source multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, an attacker can easily execute arbitrary commands on the clouddriver pods.
This means the attacker can perform actions such as exposing credentials, deleting files, or injecting resources within the affected system.
A patch is available in versions 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, and as a temporary workaround, disabling the gitrepo artifact types is recommended.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized execution of commands on clouddriver pods.
- Exposure of sensitive credentials.
- Deletion or removal of important files.
- Injection of unauthorized resources into the system.
Overall, it can lead to a complete compromise of the affected Spinnaker deployment.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should upgrade Spinnaker to one of the patched versions: 2026.1.0, 2026.0.1, 2025.4.2, or 2025.3.2.
As a workaround until you can upgrade, disable the gitrepo artifact types to reduce the risk of arbitrary command execution on the clouddriver pods.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows a bad actor to execute arbitrary commands on clouddriver pods, potentially exposing credentials, removing files, or injecting resources. Such unauthorized access and data exposure could lead to violations of data protection and security requirements mandated by standards like GDPR and HIPAA.
Specifically, exposure of credentials and unauthorized resource manipulation can compromise confidentiality, integrity, and availability of sensitive data, which are core principles in these regulations.