Am I affected by CVE-2026-33634?

42 internal European Commission clients and at least 29 other EU entities using the Europa.eu web hosting service. Any organization that exchanged emails with these entities may have data in the leak.

How do I fix CVE-2026-33634?

Monitor for credential exposure from the leaked dataset. If you used Trivy in CI/CD pipelines, rotate all AWS keys and pipeline secrets immediately. Block scan.aquasecurtiy[.]org and 45.148.10.212. Pin Trivy to v0.69.3, trivy-action to v0.35.0, setup-trivy to v0.2.6.

CERT-EU confirms TeamPCP breached European Commission via Trivy - 30 EU entities exposed, 340GB leaked

breach

CVE-2026-33634

2026-04-03

CERT-EU confirms TeamPCP breached European Commission via Trivy - 30 EU entities exposed, 340GB leaked

The European Commission cloud hack we first reported on March 29 is far worse than initially disclosed. CERT-EU now confirms TeamPCP used an AWS API key stolen through the Trivy supply chain attack to breach the Commission's Amazon cloud environment on March 10 - five days before anyone noticed. The stolen data includes personal information, usernames, and 52,000 email files across 71 hosted clients: 42 internal Commission departments and at least 29 other EU entities. ShinyHunters published the full 340GB dataset on their leak site.

Check: If your organization interacted with any Europa.eu hosted service, assume your contact data may be in the leaked dataset.
Affected: 42 internal European Commission clients and at least 29 other EU entities using the Europa.eu web hosting service. Any organization that exchanged emails with these entities may have data in the leak.
Fix: Monitor for credential exposure from the leaked dataset. If you used Trivy in CI/CD pipelines, rotate all AWS keys and pipeline secrets immediately. Block scan.aquasecurtiy[.]org and 45.148.10.212. Pin Trivy to v0.69.3, trivy-action to v0.35.0, setup-trivy to v0.2.6.