Am I affected by CVE-2026-33634?

Trivy (compromised tags March 19), LiteLLM 1.82.7-1.82.8, Checkmarx KICS GitHub Actions (March 23), Telnyx 4.87.1-4.87.2.

How do I fix CVE-2026-33634?

Pin all open-source dependencies to exact versions. Rotate all credentials exposed in affected pipelines. Treat affected environments as fully compromised.

TeamPCP's 9-day supply chain rampage - Trivy to LiteLLM to Checkmarx to Telnyx

threat

CVE-2026-33634

2026-03-27

TeamPCP's 9-day supply chain rampage - Trivy to LiteLLM to Checkmarx to Telnyx

One group, four major compromises, nine days. TeamPCP started by backdooring Aqua Security's Trivy vulnerability scanner on March 19 - then used the stolen CI/CD credentials to poison LiteLLM, Checkmarx tools, and Telnyx one after another. Each compromised tool handed them the keys to the next target. They've now partnered with the Vect ransomware gang to turn stolen access into extortion.

Check: Audit any CI/CD pipeline that used Trivy, LiteLLM, or Telnyx between March 19-27.
Affected: Trivy (compromised tags March 19), LiteLLM 1.82.7-1.82.8, Checkmarx KICS GitHub Actions (March 23), Telnyx 4.87.1-4.87.2.
Fix: Pin all open-source dependencies to exact versions. Rotate all credentials exposed in affected pipelines. Treat affected environments as fully compromised.