CVE-2026-26189
Published: 19 February 2026
Description
Adversaries may manipulate continuous integration / continuous development (CI/CD) processes by injecting malicious code into the build process.
Security Summary
CVE-2026-26189 is a command injection vulnerability (CWE-78) in the aquasecurity/trivy-action GitHub Action, which runs Trivy to scan Docker container images for vulnerabilities. The issue affects versions 0.31.0 through 0.33.1 and stems from improper handling of action inputs when exporting environment variables. Specifically, the action writes lines like `export VAR=<input>` to a `trivy_envs.txt` file based on user-supplied inputs, then sources this file in `entrypoint.sh` without proper shell escaping. Because the value is not quoted on the export line, attacker-controlled input containing shell metacharacters, such as `$(...)`, backticks, or other command substitution syntax, is evaluated by the shell when the file is sourced.
An attacker who can supply input to a consuming GitHub Actions workflow, for example by controlling data that the workflow forwards to the action, can exploit the vulnerability by injecting malicious payloads into any action input written to `trivy_envs.txt`. Successful exploitation leads to arbitrary command execution within the context of the GitHub Actions runner. The CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N) reflects a network-vector attack requiring high privileges and high attack complexity, with high impacts on confidentiality and integrity but no availability impact. Workflows that do not pass attacker-controlled data to the action, workflows upgraded to a patched version, and workflows with no reachable user input are unaffected.
Mitigation involves upgrading to version 0.34.0, which patches the issue by properly escaping shell values or eliminating the `source ./trivy_envs.txt` pattern. The GitHub security advisory (GHSA-9p44-j4g5-cfx5) and related commits detail the fix; until a workflow is upgraded, it should avoid passing untrusted inputs to the action.
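To make the defect and the fix concrete, the following POSIX shell script is an added example; it is not trivy-action's own code and not the patch shipped in 0.34.0. It places the unquoted `export VAR=<input>` writer that the summary describes beside a hardened writer that validates the variable name and single-quotes the value, then sources each generated file in a subshell to show what the variable actually ends up holding. The function names (`shell_quote`, `valid_name`, `write_env_unsafe`, `write_env_safe`, `read_back`), the `TRIVY_DEMO` variable and the temporary file paths are all assumptions for the demo; the canary value is constructed and harmless.

```shell
#!/bin/sh
# Added example, not trivy-action's own code: the unquoted
# "export VAR=<input>" writer the advisory describes, beside a
# hardened writer that single-quotes the value. Function names,
# the TRIVY_DEMO variable and the temp file paths are assumptions.

# Wrap a string in single quotes for POSIX sh, turning every
# embedded ' into '\'' so the whole value stays a literal.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Environment variable names must match [A-Za-z_][A-Za-z0-9_]*;
# anything else (spaces, ';', '=') could smuggle a second command.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*|[0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Vulnerable pattern: the raw value lands on the export line, so
# $(...), backticks and $VAR are evaluated when the file is sourced.
write_env_unsafe() {   # $1 = name, $2 = value, $3 = env file
    printf 'export %s=%s\n' "$1" "$2" >> "$3"
}

# Hardened writer: rejects bad names and single-quotes the value,
# so sourcing the file assigns the input byte-for-byte.
write_env_safe() {     # $1 = name, $2 = value, $3 = env file
    valid_name "$1" || { printf 'rejected env name: %s\n' "$1" >&2; return 1; }
    printf 'export %s=%s\n' "$1" "$(shell_quote "$2")" >> "$3"
}

# Source an env file in a subshell (as an entrypoint script would)
# and print the value the named variable ended up with.
read_back() {          # $1 = env file, $2 = name
    valid_name "$2" || return 1
    ( . "$1" && eval "printf '%s' \"\$$2\"" )
}

# Stand-alone demo with a constructed, harmless canary value: the
# unsafe file turns it into INJECTED, the safe file keeps it literal.
demo_dir=$(mktemp -d)
canary='$(echo INJECTED)'
write_env_unsafe TRIVY_DEMO "$canary" "$demo_dir/unsafe.txt"
write_env_safe   TRIVY_DEMO "$canary" "$demo_dir/safe.txt"
printf 'unsafe line : %s\n' "$(cat "$demo_dir/unsafe.txt")"
printf 'unsafe value: %s\n' "$(read_back "$demo_dir/unsafe.txt" TRIVY_DEMO)"
printf 'safe line   : %s\n' "$(cat "$demo_dir/safe.txt")"
printf 'safe value  : %s\n' "$(read_back "$demo_dir/safe.txt" TRIVY_DEMO)"
rm -rf "$demo_dir"
```

Single-quoting is the minimal fix for the sourced-file design; the stronger option the advisory also names is to drop the file entirely and hand values to the scanner process through its environment (for example `env NAME=value trivy ...`), so no shell ever re-parses user input.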
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This CVE enables command injection through shell metacharacters in a GitHub Actions step (Unix shell context, T1059.004) and arbitrary execution within the CI/CD pipeline (T1677).