
CVE-2026-28353: CWE-506: Embedded Malicious Code in aquasecurity trivy-vscode-extension

Severity: Critical
Tags: Vulnerability, CVE-2026-28353, CWE-506
Published: Thu Mar 05 2026 (03/05/2026, 20:02:59 UTC)
Source: CVE Database V5
Vendor/Project: aquasecurity
Product: trivy-vscode-extension

Description

Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. Trivy VSCode Extension version 1.8.12, which was distributed via the OpenVSX marketplace, was compromised and contained malicious code designed to leverage a local AI coding agent to collect and exfiltrate sensitive information. Users using the affected artifact are advised to immediately remove it and rotate environment secrets. The malicious artifact has been removed from the marketplace. No other affected artifacts have been identified.

AI-Powered Analysis

AI analysis last updated: 03/05/2026, 20:23:53 UTC

Technical Analysis

CVE-2026-28353 concerns a supply chain compromise of the Trivy Vulnerability Scanner VS Code extension (version 1.8.12) distributed through the OpenVSX marketplace. Trivy is a popular open-source tool by Aqua Security used to detect vulnerabilities in container images and codebases. The compromised extension contained embedded malicious code that exploited a local AI coding agent integrated with the extension environment. This malicious code was designed to stealthily collect sensitive information such as environment secrets, credentials, or proprietary code snippets and exfiltrate them to an attacker-controlled endpoint. The attack requires no user interaction, privileges, or authentication, and operates remotely over the network, making it highly accessible to attackers. The malicious artifact was identified and removed from the marketplace shortly after discovery. The vulnerability is classified under CWE-506 (Embedded Malicious Code) and has a CVSS 4.0 base score of 10.0, reflecting its critical severity and broad impact on confidentiality, integrity, and availability. No other versions or related artifacts have been found to be affected, and no active exploitation has been reported to date. The incident highlights the risks of supply chain attacks in software development tools, especially those integrating AI capabilities that can be abused to access sensitive data.

Potential Impact

The impact of CVE-2026-28353 is severe for organizations globally, particularly those relying on the Trivy VS Code extension for vulnerability scanning in their development workflows. The embedded malicious code can lead to the unauthorized disclosure of sensitive environment secrets, credentials, proprietary source code, and other confidential information. This data leakage can facilitate further attacks such as privilege escalation, lateral movement, intellectual property theft, and compromise of production environments. Since the extension operates within developers' local environments, the breach can bypass traditional network defenses and endpoint protections. The lack of required privileges or user interaction lowers the barrier for exploitation, increasing the risk of widespread compromise. Organizations with automated CI/CD pipelines or cloud-native development practices that integrate Trivy are especially vulnerable. The reputational damage, regulatory consequences, and operational disruptions resulting from such a breach can be substantial. Although no known exploits are currently active, the critical severity and ease of exploitation necessitate immediate remediation to prevent potential attacks.

Mitigation Recommendations

To mitigate the risks posed by CVE-2026-28353, organizations should take the following specific actions:
1) Immediately identify and uninstall version 1.8.12 of the Trivy VS Code extension from all developer workstations and build environments.
2) Rotate all environment secrets, API keys, credentials, and tokens that may have been exposed during the period the compromised extension was installed.
3) Audit recent access logs and network traffic for signs of data exfiltration or suspicious activity related to the extension's usage timeframe.
4) Restrict or monitor network egress from developer machines to detect anomalous connections potentially used for exfiltration.
5) Educate developers on verifying the integrity and provenance of extensions and tools, emphasizing the risks of supply chain compromises.
6) Consider implementing application allowlisting or endpoint detection solutions that can detect or block unauthorized code execution within development environments.
7) Monitor official Aqua Security channels and the OpenVSX marketplace for updates or patches and apply any new versions after verification.
8) Review and enhance supply chain security policies to include vetting of third-party extensions and dependencies.
These measures go beyond generic advice by focusing on the specific nature of this embedded malicious code and its exploitation vector.
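Step 1 above (find every machine that still has the compromised 1.8.12 build installed) is the part that scales badly by hand. The following is an added example, not code from the advisory or from Aqua Security: it walks the local VS Code / VS Code OSS extension directories, reads each extension's package.json, and reports any Trivy-named extension pinned at the affected version. The directory roots and the name-based match are assumptions (marketplace ids can differ from the product name on this page), and the sample extension folders it builds are constructed test data.

```python
import json
import tempfile
from pathlib import Path

# Version named in the CVE-2026-28353 advisory text.
AFFECTED_VERSION = "1.8.12"
# Heuristic match on the package.json "name" field (assumption: real ids may differ).
PRODUCT_HINTS = ("trivy",)
# Common extension roots for VS Code and VS Code OSS / VSCodium (OpenVSX-backed builds).
DEFAULT_ROOTS = [Path.home() / ".vscode" / "extensions",
                 Path.home() / ".vscode-oss" / "extensions"]


def read_manifest(ext_dir: Path):
    """Return (name, publisher, version) from an extension's package.json, or None."""
    manifest = ext_dir / "package.json"
    if not manifest.is_file():
        return None
    try:
        data = json.loads(manifest.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None  # unreadable or malformed manifest: skip, do not crash the sweep
    return (str(data.get("name", "")), str(data.get("publisher", "")), str(data.get("version", "")))


def find_affected(roots):
    """Return a list of installed Trivy-looking extensions at the compromised version."""
    hits = []
    for root in (Path(r) for r in roots):
        if not root.is_dir():
            continue
        for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
            info = read_manifest(ext_dir)
            if info is None:
                continue
            name, publisher, version = info
            if any(h in name.lower() for h in PRODUCT_HINTS) and version == AFFECTED_VERSION:
                hits.append({"path": str(ext_dir), "name": name,
                             "publisher": publisher, "version": version})
    return hits


def build_sample_root():
    """Constructed sample tree: one affected, one clean, one unrelated extension."""
    root = Path(tempfile.mkdtemp(prefix="ext-sample-"))
    samples = {
        "aquasecurity.trivy-vscode-extension-1.8.12": ("trivy-vscode-extension", "aquasecurity", "1.8.12"),
        "aquasecurity.trivy-vscode-extension-1.8.11": ("trivy-vscode-extension", "aquasecurity", "1.8.11"),
        "other.unrelated-2.0.0": ("unrelated", "other", "2.0.0"),
    }
    for folder, (name, publisher, version) in samples.items():
        (root / folder).mkdir()
        (root / folder / "package.json").write_text(
            json.dumps({"name": name, "publisher": publisher, "version": version}), encoding="utf-8")
    return root


if __name__ == "__main__":
    for hit in find_affected(DEFAULT_ROOTS + [build_sample_root()]):
        print(f"AFFECTED: {hit['path']} ({hit['publisher']}.{hit['name']} {hit['version']})")
```

Run it per workstation (or push it through your endpoint management tooling) and treat every reported path as a host whose secrets need rotating under step 2.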


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-02-26T18:38:13.890Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69a9e2f561e8e69ef5e92416

Added to database: 3/5/2026, 8:09:25 PM

Last enriched: 3/5/2026, 8:23:53 PM

Last updated: 3/5/2026, 11:57:58 PM

