CVE-2026-55092
Status: Undergoing Analysis - In Progress
Path Traversal in Trivy OCI Artifact Download

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: GitHub, Inc.

Description
Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a crafted annotation that resolves to a path outside the intended destination, causing Trivy to write the layer content to an arbitrary location on the host filesystem. This vulnerability is fixed in 0.71.1.
Meta Information
Generated: 2026-06-26
EPSS Evaluated: N/A
External references: NVD, EUVD
Affected Vendors & Products (2 associated CPEs)
Vendor          Product   Version / Range
aquasec         trivy     all versions before 0.71.1 (0.71.1 itself excluded)
aquasecurity    trivy     all versions before 0.71.1 (0.71.1 itself excluded)
CWE ID: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal")
Description: The product uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but it does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
Executive Summary

CVE-2026-55092 is a path traversal vulnerability in Trivy, a security scanner. Before version 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validating it properly.

An attacker who can make Trivy fetch an attacker-controlled artifact can craft this annotation so that it resolves to a path outside the intended destination directory. Because the layer content comes from the same attacker-controlled artifact, the attacker chooses both where the file is written and what it contains: an arbitrary file write on the host filesystem, limited only by the privileges of the user running Trivy.
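The following Go program is an added illustration and is not Trivy's own code: it parses a constructed OCI manifest, shows how an unvalidated org.opencontainers.image.title annotation escapes the download directory when it is joined onto the destination path, and puts a hardened destination check beside the vulnerable one. The download directory, the manifest contents and the placeholder digest are assumptions made for the example; the fix shipped in 0.71.1 may be implemented differently.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// titleAnnotation is the manifest annotation the advisory names.
const titleAnnotation = "org.opencontainers.image.title"

// manifest models only the part of an OCI image manifest this example reads.
type manifest struct {
	Layers []struct {
		Digest      string            `json:"digest"`
		Annotations map[string]string `json:"annotations"`
	} `json:"layers"`
}

// craftedManifest is a constructed (not captured) example of an
// attacker-controlled manifest: the layer title climbs out of the
// download directory. The digest is a placeholder.
const craftedManifest = `{
  "schemaVersion": 2,
  "layers": [
    {
      "digest": "sha256:0000000000000000000000000000000000000000000000000000000000000000",
      "annotations": {
        "org.opencontainers.image.title": "../../../../home/user/.ssh/authorized_keys"
      }
    }
  ]
}`

// layerTitles returns each layer's title annotation, in manifest order.
func layerTitles(raw []byte) ([]string, error) {
	var m manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, err
	}
	titles := make([]string, 0, len(m.Layers))
	for _, l := range m.Layers {
		titles = append(titles, l.Annotations[titleAnnotation])
	}
	return titles, nil
}

// ErrBadTitle is returned when an annotation is not usable as a file name.
var ErrBadTitle = errors.New("unsafe org.opencontainers.image.title annotation")

// unsafeDest is the vulnerable pattern: the annotation is joined onto the
// directory unvalidated. filepath.Join cleans the ".." components, so the
// result lies wherever the attacker pointed it.
func unsafeDest(dir, title string) string {
	return filepath.Join(dir, title)
}

// safeDest accepts only a bare file name and then re-checks that the joined
// path still resolves inside dir. Validate the title before joining: once
// Join has cleaned the path, the ".." components are gone and a search for
// them afterwards would find nothing.
func safeDest(dir, title string) (string, error) {
	switch title {
	case "", ".", "..":
		return "", ErrBadTitle
	}
	if strings.ContainsAny(title, `/\`) || filepath.Base(title) != title {
		return "", ErrBadTitle
	}
	absDir, err := filepath.Abs(dir)
	if err != nil {
		return "", err
	}
	dest := filepath.Join(absDir, title)
	rel, err := filepath.Rel(absDir, dest)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadTitle
	}
	return dest, nil
}

func main() {
	const dir = "/var/cache/trivy/db" // assumed download directory
	titles, err := layerTitles([]byte(craftedManifest))
	if err != nil {
		panic(err)
	}
	for _, t := range titles {
		fmt.Printf("annotation: %q\n", t)
		fmt.Printf("vulnerable: writes %s\n", unsafeDest(dir, t))
		if _, err := safeDest(dir, t); err != nil {
			fmt.Printf("hardened:   rejected (%v)\n", err)
		}
	}
}
```

The order of the checks in safeDest is the point: a destination must be validated before it is joined, because filepath.Join normalises away the very ".." segments a later check would look for.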

Compliance Impact

This vulnerability allows an attacker to cause Trivy to write attacker-supplied content to arbitrary locations on the host filesystem, potentially overwriting or creating files such as SSH keys or binaries. Such unauthorized file modifications could lead to unauthorized access or code execution within the privilege boundary of the user running Trivy.

From a compliance perspective, the relevance depends on what the affected host handles: where Trivy runs on systems in scope for regimes such as GDPR or HIPAA, which require protection of sensitive data and system integrity, a successful exploit could mean unauthorized data access or tampering that violates those requirements.

Organizations running vulnerable versions of Trivy without mitigation therefore carry an increased risk of non-compliance through a data breach or integrity violation originating on the scanning host.

Impact Analysis

This vulnerability can allow an attacker to overwrite or create arbitrary files on the host filesystem where Trivy is running, within the permissions of the user executing Trivy.

If the user can write to sensitive files (for example SSH authorized_keys files or binaries on the PATH), this could lead to code execution or further system compromise on the host.

In more restricted environments, the impact might be limited to tampering with scan results or build artifacts. In a CI pipeline, where Trivy typically runs, that is enough to undermine the integrity of the security scan or the build it gates.

Detection Guidance

This vulnerability is triggered when Trivy downloads an OCI artifact and uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. Detection therefore comes down to two questions: which Trivy versions are deployed (anything before 0.71.1 is affected), and where each deployment is configured to fetch OCI artifacts from, whether through the --db-repository flag, the corresponding environment variable (TRIVY_DB_REPOSITORY), or the db.repository key in a Trivy configuration file.

To detect exploitation after the fact, look for file writes by the Trivy process outside its cache and output directories and, where you can inspect the manifests Trivy pulled, for layer titles that contain path separators or ".." components.

General approaches include:

  • Inventory deployed Trivy versions (trivy --version) and flag anything older than 0.71.1.
  • Review Trivy configuration files, environment variables and CI pipeline definitions for any non-default or untrusted OCI artifact repositories.
  • Monitor filesystem changes during Trivy scans to detect files written outside expected directories.
  • Use system auditing tools (e.g., auditd on Linux, with a rule keyed on the trivy executable and write permissions) to track file creation or modification events triggered by Trivy.
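An added Go helper for the first two checks above (not from Trivy and not from this page's source): it reads the version out of trivy --version output and compares it with 0.71.1, and it tests whether a configured --db-repository reference falls inside an allow-list of trusted repositories. The sample output and the repository references are constructed; the allow-list, including ghcr.io/aquasecurity/trivy-db as the default repository, is an assumption to be replaced with your own.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// fixedVersion is the first release the advisory names as fixed.
var fixedVersion = [3]int{0, 71, 1}

// parseVersion turns "v0.70.2", "0.71.1" or "0.72.0-rc.1" into a numeric
// major/minor/patch triple; pre-release and build suffixes are dropped.
func parseVersion(s string) ([3]int, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return [3]int{}, fmt.Errorf("not a major.minor.patch version: %q", s)
	}
	var v [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return [3]int{}, fmt.Errorf("bad version component %q", p)
		}
		v[i] = n
	}
	return v, nil
}

// vulnerable reports whether a Trivy version is older than the fixed release.
func vulnerable(version string) (bool, error) {
	v, err := parseVersion(version)
	if err != nil {
		return false, err
	}
	for i := range v {
		if v[i] != fixedVersion[i] {
			return v[i] < fixedVersion[i], nil
		}
	}
	return false, nil // exactly 0.71.1
}

// versionFromOutput extracts the top-level "Version:" line of trivy --version
// output; indented "Version:" lines belong to the DB sections and are skipped.
func versionFromOutput(out string) (string, error) {
	for _, line := range strings.Split(out, "\n") {
		if strings.HasPrefix(line, "Version:") {
			return strings.TrimSpace(strings.TrimPrefix(line, "Version:")), nil
		}
	}
	return "", fmt.Errorf("no top-level Version: line found")
}

// repoAllowed normalises an OCI reference (drops @digest and :tag, keeps a
// registry port) and checks it against an allow-list of repositories.
func repoAllowed(ref string, allowed []string) bool {
	if i := strings.Index(ref, "@"); i >= 0 {
		ref = ref[:i]
	}
	// A ':' after the last '/' is a tag; a ':' before it is a registry port.
	if slash := strings.LastIndex(ref, "/"); slash >= 0 {
		if colon := strings.LastIndex(ref, ":"); colon > slash {
			ref = ref[:colon]
		}
	}
	ref = strings.ToLower(ref)
	for _, a := range allowed {
		if strings.ToLower(a) == ref {
			return true
		}
	}
	return false
}

// Constructed sample inputs; the trusted list is an assumption for the example.
const sampleVersionOutput = "Version: 0.70.2\nVulnerability DB:\n  Version: 2\n  UpdatedAt: 2026-06-24 06:00:00 +0000 UTC\n"

var trustedRepositories = []string{
	"ghcr.io/aquasecurity/trivy-db", // assumed default upstream repository
	"mirror.example.internal:5000/platform/trivy-db",
}

var sampleRepositories = []string{
	"ghcr.io/aquasecurity/trivy-db:2",
	"mirror.example.internal:5000/platform/trivy-db@sha256:0000000000000000000000000000000000000000000000000000000000000000",
	"ghcr.io/someone-else/trivy-db:2",
}

func main() {
	v, err := versionFromOutput(sampleVersionOutput)
	if err != nil {
		panic(err)
	}
	vuln, err := vulnerable(v)
	if err != nil {
		panic(err)
	}
	fmt.Printf("trivy %s affected by CVE-2026-55092: %v\n", v, vuln)
	for _, ref := range sampleRepositories {
		fmt.Printf("%-110s allowed=%v\n", ref, repoAllowed(ref, trustedRepositories))
	}
}
```

Feed the helper the real trivy --version output and the effective repository value (flag, environment variable or configuration file, whichever wins in your setup) rather than the constructed samples; a reference pinned by digest is normalised to its repository, so the allow-list stays a list of repositories, not of tags.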
Mitigation Strategies

The primary mitigation step is to upgrade Trivy to version 0.71.1 or later, where this vulnerability is fixed.

Additionally, avoid downloading OCI artifacts from untrusted or attacker-controlled repositories.

Review and restrict the use of the --db-repository flag, the corresponding environment variables, and configuration files so that they point only at repositories you control or trust; in CI, treat these values as pipeline configuration that is reviewed like code.

Limit the privileges of the user running Trivy to minimize the impact of any arbitrary file write: a dedicated account with no interactive login, or a container with a read-only root filesystem and a writable cache volume, confines what an escaped write can reach.
