Description
Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. Trivy VSCode Extension version 1.8.12, which was distributed via the OpenVSX marketplace, was compromised and contained malicious code designed to leverage a local AI coding agent to collect and exfiltrate sensitive information. Users of the affected artifact are advised to remove it immediately and rotate environment secrets. The malicious artifact has been removed from the marketplace. No other affected artifacts have been identified.
Published: 2026-03-05
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized code execution leading to potential exfiltration of sensitive data
Action: Immediate Removal
AI Analysis

Impact

In version 1.8.12 of the Aqua Security Trivy VS Code Extension, code was added that exploits the local AI coding agent to collect and exfiltrate sensitive information. The injected code is embedded malicious code (CWE-506) that lets an attacker execute arbitrary logic on the host system where the extension runs. The impact is a compromise of the confidentiality and integrity of environment secrets and of any other data the extension can access.

Affected Systems

Aqua Security Trivy VS Code Extension, version 1.8.12, distributed through the OpenVSX marketplace, is the only affected variant; no other versions or artifacts have been identified as compromised.

Risk and Exploitability

The vulnerability has a CVSS 4.0 base score of 10, indicating critical severity, yet the EPSS probability is reported as less than 1%, implying a low likelihood of exploitation at the moment. The extension runs locally within the VS Code environment, so the attack vector is an end-user installing or updating the plugin. Since the malicious artifact has already been removed from the marketplace, the remaining risk lies with devices that still have the compromised extension installed or retain cached remnants of it. The vulnerability is not listed in the CISA KEV catalog, but its high impact warrants immediate attention.

Generated by OpenCVE AI on April 16, 2026 at 12:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Uninstall or disable the Trivy VS Code Extension version 1.8.12 and delete its cached files from the local VS Code environment
  • Verify that no residual files such as configuration scripts or temporary caches remain that could still contain malicious code
  • Rotate or revoke all environment secrets that might have been accessed by the malicious extension

Generated by OpenCVE AI on April 16, 2026 at 12:10 UTC.
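As a remediation aid for the first two recommended actions, the following added Python sweep (not part of the OpenCVE record or of the Trivy project) walks VS Code-style extension directories and flags any installed extension whose package.json names Trivy at the affected version 1.8.12. The directory list, the "trivy" name marker and the sample manifests are assumptions and constructed fixtures, because the advisory gives neither the extension's manifest name nor its publisher.

```python
import json
import tempfile
from pathlib import Path

AFFECTED_VERSION = "1.8.12"
NAME_MARKER = "trivy"  # assumption: the manifest's publisher/name contains this

# Assumption: default per-user extension directories (desktop, OSS builds, remote server).
DEFAULT_EXTENSION_DIRS = [
    Path.home() / ".vscode" / "extensions",
    Path.home() / ".vscode-oss" / "extensions",
    Path.home() / ".vscode-server" / "extensions",
]


def find_affected(ext_dirs):
    """Return sorted extension folders whose package.json matches the affected build."""
    hits = []
    for base in map(Path, ext_dirs):
        if not base.is_dir():
            continue
        for manifest in base.glob("*/package.json"):
            try:
                meta = json.loads(manifest.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue  # unreadable or malformed manifest: skip it, keep sweeping
            if not isinstance(meta, dict):
                continue
            ident = f"{meta.get('publisher', '')}/{meta.get('name', '')}".lower()
            if NAME_MARKER in ident and str(meta.get("version")) == AFFECTED_VERSION:
                hits.append(str(manifest.parent))
    return sorted(hits)


def build_sample_tree():
    """Constructed fixture: one affected, one earlier, one unrelated, one broken manifest."""
    root = Path(tempfile.mkdtemp(prefix="ext-"))
    samples = {
        "trivy-1.8.12": {"publisher": "Example", "name": "trivy-vulnerability-scanner", "version": "1.8.12"},
        "trivy-1.8.11": {"publisher": "Example", "name": "trivy-vulnerability-scanner", "version": "1.8.11"},
        "other-1.8.12": {"publisher": "Example", "name": "unrelated-ext", "version": "1.8.12"},
    }
    for folder, meta in samples.items():
        (root / folder).mkdir()
        (root / folder / "package.json").write_text(json.dumps(meta), encoding="utf-8")
    (root / "broken").mkdir()
    (root / "broken" / "package.json").write_text("{not json", encoding="utf-8")
    return root


if __name__ == "__main__":
    for path in find_affected(DEFAULT_EXTENSION_DIRS):
        print("affected build still installed:", path)
```

Any folder it reports should be removed along with the editor's cached extension data, after which the secret rotation in the third action still applies.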

Advisories

No advisories yet.

History

Fri, 06 Mar 2026 18:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 15:30:00 +0000

Type: First Time appeared
Values Added: Aquasecurity; Aquasecurity trivy-vscode-extension
Type: Vendors & Products
Values Added: Aquasecurity; Aquasecurity trivy-vscode-extension

Thu, 05 Mar 2026 20:15:00 +0000

Type: Description
Values Added: Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive information. Users using the affected artifact are advised to immediately remove it and rotate environment secrets. The malicious artifact has been removed from the marketplace. No other affected artifacts have been identified.
Type: Title
Values Added: Trivy Vulnerability Scanner: Unauthorized AI Agent Execution Code Included in OpenVSX Extension Release
Type: Weaknesses
Values Added: CWE-506
Type: References
Type: Metrics (cvssV4_0)
Values Added: {'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


Subscriptions

Aquasecurity Trivy-vscode-extension
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-06T17:04:35.360Z

Reserved: 2026-02-26T18:38:13.890Z

Link: CVE-2026-28353

Vulnrichment

Updated: 2026-03-06T17:04:30.236Z

NVD

Status: Awaiting Analysis

Published: 2026-03-05T20:16:16.493

Modified: 2026-03-09T13:36:08.413

Link: CVE-2026-28353

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:15:35Z

Weaknesses