{"data":{"id":"66708cbb-bda9-4b48-86a9-d04dc8c9a852","title":"CVE-2026-28353: Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. Trivy VSCode Extension version 1.8.12 was compromised with malicious code.","summary":"Version 1.8.12 of the Trivy VSCode Extension (a tool that scans code for security weaknesses) was compromised with malicious code that could steal sensitive information by using local AI coding agents (AI tools running on a developer's computer). The malicious version has been removed from the marketplace where it was distributed.","solution":"Users are advised to immediately remove the affected artifact and rotate environment secrets (credentials and keys stored on their system).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-28353","publishedAt":"2026-03-05T20:16:16.493Z","cveId":"CVE-2026-28353","cweIds":["CWE-506"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain","data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Trivy","VS Code"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00044,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}