Arbitrary Command Execution Vulnerability in Spinnaker by Armory
CVE-2026-32604

10 CRITICAL

Key Information:

Vendor

Spinnaker

Status
Vendor
CVE Published: 20 April 2026

What is CVE-2026-32604?

Spinnaker, a multi-cloud continuous delivery platform, is vulnerable to arbitrary command execution in specific versions. An attacker who exploits this vulnerability can execute arbitrary commands on clouddriver pods, which could lead to credential exposure, file deletion, or unauthorized resource injection. Users are advised to upgrade to one of the patched versions (2026.1.0, 2026.0.1, 2025.4.2, or 2025.3.2) and to consider disabling gitrepo artifact types as an additional workaround.

Affected Version(s)

spinnaker < 2026.0.1

spinnaker < 2025.4.2

spinnaker < 2025.3.2

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
