CVE-2026-32604 - Spinnaker - Command Injection

Overview

Spinnaker < 2026.1.0, 2026.0.1, 2025.4.2, 2025.3.2 contains a command injection caused by improper input handling in clouddriver pods, letting attackers execute arbitrary commands, exploit requires access to clouddriver pods.

Severity & Score

Severity: Critical

CVSS Score: 9.9

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary commands, exposing credentials, deleting files, or injecting resources, leading to full system compromise.

Mitigation

Update to versions 2026.1.0, 2026.0.1, 2025.4.2, or 2025.3.2 or later; as a workaround, disable gitrepo artifact types.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Apr 20, 2026

🔴 CVE-2026-32604 - Critical (9.9) Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, re... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32604/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Apr 20, 2026

🔴 CVE-2026-32604 - Critical (9.9) Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, re... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32604/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

CVE-2026-32604 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(2 posts)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score