CVE-2026-32604

Daily digests

If you use Spinnaker's gitrepo artifact type, an attacker can inject commands through the branch name or file path fields. The clouddriver-artifacts-gitrepo module doesn't properly sanitize user input, so a crafted pipeline config gives the attacker remote code execution on the Clouddriver host. CVSS 10.0, not yet exploited in the wild.

• Daily Digest · Apr 21, 2026

  4 CVSS 10.0s today, Spinnaker RCE tops the list