CVE-2026-26189
CVE-2026-26189 affects aquasecurity/trivy-action (GitHub Action) where command injection is possible via unsafely exporting environment variables to trivy_envs.txt and sourcing it in entrypoint.sh. Affected versions are 0.31.0 through 0.33.1; a patch was released in 0.34.0. The issue arises from ...