Critical Spinnaker Vulnerability Exposes Cloud Credentials

/CRITICAL /CVSS 9.9/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvecriticalhigh-severitycwe-20
Critical Spinnaker Vulnerability Exposes Cloud Credentials

The National Vulnerability Database (NVD) has detailed a critical vulnerability, CVE-2026-32604, impacting Spinnaker, an open-source multi-cloud continuous delivery platform. Versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 are susceptible to arbitrary command execution on clouddriver pods. This exploit is remarkably simple, allowing attackers to readily expose sensitive credentials, delete files, or inject malicious resources into cloud environments. The NVD assigns this a CVSS score of 9.9, reflecting its critical severity.

What This Means For You

  • If your organization uses Spinnaker for continuous delivery, immediately verify your version. If you are running any version prior to the patched releases (2026.1.0, 2026.0.1, 2025.4.2, 2025.3.2), apply the patch without delay. As an interim measure, consider disabling the gitrepo artifact types to mitigate the risk.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1059.004 Command and Scripting Interpreter: Unix Shell Execution

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1059.004 Execution

CVE-2026-32604 - Spinnaker Clouddriver Arbitrary Command Execution

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-32604 Vulnerability CVE-2026-32604
CVE-2026-32604 Affected Product versions

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 21, 2026 at 00:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

CVE-2026-5721 — Cross-Site Scripting (XSS)

CVE-2026-5721 — The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all...

vulnerabilityCVEmedium-severitycross-site-scripting-xsscwe-79
/SCW Vulnerability Desk /MEDIUM /4.7 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-6729 — HKUDS OpenHarness prior to PR #159 remediation contains a

CVE-2026-6729 — HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to...

vulnerabilityCVEmedium-severitycwe-287
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 2 IOCs

CVE-2026-4852 — Cross-Site Scripting (XSS)

CVE-2026-4852 — The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image...

vulnerabilityCVEmedium-severitycross-site-scripting-xsscwe-79
/SCW Vulnerability Desk /MEDIUM /6.4 /⚑ 2 IOCs /⚙ 3 Sigma