Description
Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in `aquasecurity/trivy-action` versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes `export VAR=<input>` lines to `trivy_envs.txt` based on user-supplied inputs and subsequently sources this file in `entrypoint.sh`. Because input values are written without appropriate shell escaping, attacker-controlled input containing shell metacharacters (e.g., `$(...)`, backticks, or other command substitution syntax) may be evaluated during the sourcing process. This can result in arbitrary command execution within the GitHub Actions runner context. Version 0.34.0 contains a patch for this issue. The vulnerability is exploitable when a consuming workflow passes attacker-controlled data into any action input that is written to `trivy_envs.txt`. Access to user input is required by the malicious actor. Workflows that do not pass attacker-controlled data into `trivy-action` inputs, workflows that upgrade to a patched version that properly escapes shell values or eliminates the `source ./trivy_envs.txt` pattern, and workflows where user input is not accessible are not affected.
Published: 2026-02-19
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Command Injection / Arbitrary Code Execution
Action: Update
AI Analysis

Impact

The vulnerability arises from improper handling of user‑supplied inputs when the Trivy Action writes environment variables to a file and then sources that file. Because the input values are written without shell escaping, an attacker who can influence any action input can inject shell metacharacters, causing the GitHub Actions runner to execute arbitrary commands in the job's environment. This is a classic OS command injection (CWE‑78) that can expose secrets, bypass access control, or compromise the build environment.

Affected Systems

aquasecurity:trivy-action versions 0.31.0 through 0.33.1 are affected when they are used in a GitHub Actions workflow that accepts attacker‑controlled values for any input that ends up written to trivy_envs.txt. The vulnerability is patched in 0.34.0. Workflows that do not forward untrusted data to those inputs, or that update to the patched release, are not vulnerable.

Risk and Exploitability

The CVSS base score of 5.9 indicates a medium impact, and the EPSS score of less than 1% suggests a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector requires that the adversary can supply or manipulate job inputs within a GitHub Actions workflow; once the action sources the env file, the injected commands run with the permissions of the runner. While the probability of exploitation is low, the potential consequences, compromise of the runner and of the build pipeline, are significant.

Generated by OpenCVE AI on April 18, 2026 at 11:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade aquasecurity/trivy-action to version 0.34.0 or later, which correctly escapes shell values or removes the sourcing of the env file.
  • During workflow design, avoid feeding untrusted or externally supplied data into any input that the action will export to trivy_envs.txt; validate or sanitise such inputs before they reach the action.
  • If an upgrade is not immediately possible, disable the sourcing of trivy_envs.txt in the action’s entrypoint or replace the composite action with a manually invoked, hardened script that performs the same scan without dynamic env sourcing.
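The root cause described above is that `export VAR=<input>` is written to a file and then sourced, so the value is parsed as shell syntax rather than treated as data. The following is an added example, not trivy-action's own code, of the pattern the recommended actions ask for: every value is wrapped in a single-quoted literal (with embedded `'` escaped), variable names are validated before they are used, and a small lint counts export lines that are not single-quoted so a reviewer can spot the unsafe pattern in an entrypoint. The function names, the temporary file, and the sample values are constructed for this example.

```shell
#!/bin/sh
# Added example (not trivy-action's own code): writing action inputs to a
# sourced env file without letting shell metacharacters be evaluated.
# Pure POSIX sh so it runs under sh, dash and bash alike.

# Accept only names that are legal shell identifiers; anything else
# (spaces, "=", newlines, a leading digit) is rejected before eval/export.
valid_env_name() {
  case "$1" in
    ''|*[!A-Za-z0-9_]*|[0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Render a value as a single-quoted shell literal. Inside single quotes
# nothing is expanded, so $(...), backticks, ";" and newlines stay literal;
# an embedded single quote becomes '\'' (close, escaped quote, reopen).
# (Command substitution drops trailing newlines from the value.)
sq_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Append "export NAME='value'" to the env file. Returns 1 for a bad name.
write_env_export() {
  valid_env_name "$1" || return 1
  printf 'export %s=%s\n' "$1" "$(sq_quote "$2")" >> "$3"
}

# Round trip: write the pair, source the file in a subshell the way an
# entrypoint would, and print the resulting value of the variable.
roundtrip() {
  rt_tmp=$(mktemp) || return 1
  if ! write_env_export "$1" "$2" "$rt_tmp"; then rm -f "$rt_tmp"; return 1; fi
  ( . "$rt_tmp" && eval "printf '%s' \"\$$1\"" )   # name already validated
  rt_status=$?
  rm -f "$rt_tmp"
  return $rt_status
}

# Lint: count export lines whose right-hand side is not a single-quoted
# literal (e.g. export FOO=$INPUT or export FOO="$INPUT"), the shape that
# lets sourced input be evaluated. Prints 0 when every line is quoted.
count_unquoted_exports() {
  grep -cE "^export [A-Za-z_][A-Za-z0-9_]*=([^']|$)" "$1" || true
}

# Stand-alone demo on a constructed input: the metacharacters survive
# the source step unevaluated.
printf 'INPUT_FORMAT=%s\n' "$(roundtrip INPUT_FORMAT '$(echo injected)')"
```

Applying the lint to an entrypoint that builds `trivy_envs.txt` gives a quick check of whether an action version still writes unquoted values; a non-zero count is the signal to upgrade or to stop passing externally controlled data into those inputs.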

Tracking


Advisories
Source: Github GHSA
ID: GHSA-9p44-j4g5-cfx5
Title: Trivy Action has a script injection via sourced env file in composite action
History

Thu, 26 Feb 2026 03:00:00 +0000

Type: First Time appeared | Values Added: Aquasec; Aquasec trivy Action
Type: CPEs | Values Added: cpe:2.3:a:aquasec:trivy_action:*:*:*:*:*:*:*:*
Type: Vendors & Products | Values Added: Aquasec; Aquasec trivy Action

Fri, 20 Feb 2026 10:15:00 +0000

Type: First Time appeared | Values Added: Aquasecurity; Aquasecurity trivy-action
Type: Vendors & Products | Values Added: Aquasecurity; Aquasecurity trivy-action

Fri, 20 Feb 2026 01:15:00 +0000

Type: Metrics | Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Feb 2026 19:30:00 +0000

Type: Description | Values Added: Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in `aquasecurity/trivy-action` versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes `export VAR=<input>` lines to `trivy_envs.txt` based on user-supplied inputs and subsequently sources this file in `entrypoint.sh`. Because input values are written without appropriate shell escaping, attacker-controlled input containing shell metacharacters (e.g., `$(...)`, backticks, or other command substitution syntax) may be evaluated during the sourcing process. This can result in arbitrary command execution within the GitHub Actions runner context. Version 0.34.0 contains a patch for this issue. The vulnerability is exploitable when a consuming workflow passes attacker-controlled data into any action input that is written to `trivy_envs.txt`. Access to user input is required by the malicious actor. Workflows that do not pass attacker-controlled data into `trivy-action` inputs, workflows that upgrade to a patched version that properly escapes shell values or eliminates the `source ./trivy_envs.txt` pattern, and workflows where user input is not accessible are not affected.
Type: Title | Values Added: Trivy Action has a script injection via sourced env file in composite action
Type: Weaknesses | Values Added: CWE-78
Type: References | Values Added:
Type: Metrics | Values Added: cvssV3_1 {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N'}


Subscriptions

Aquasec Trivy Action
Aquasecurity Trivy-action
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-19T21:23:33.970Z

Reserved: 2026-02-11T19:56:24.812Z

Link: CVE-2026-26189

Vulnrichment

Updated: 2026-02-19T20:57:41.132Z

NVD

Status: Analyzed

Published: 2026-02-19T20:25:42.120

Modified: 2026-02-26T02:55:00.643

Link: CVE-2026-26189

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T11:45:44Z

Weaknesses