Brief Summary: Spinnaker CVE-2026-32604 Remote Code Execution via GitRepo Artifact Input Injection

A short review of CVE-2026-32604, a critical remote code execution vulnerability in Spinnaker's clouddriver component caused by improper input validation in gitrepo artifact branch and path fields.

CVE Analysis

6 min read

ZeroPath CVE Analysis

2026-04-20

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.


Introduction

A critical input validation flaw in Spinnaker's clouddriver component allows any authenticated user with low privileges to execute arbitrary commands on clouddriver pods simply by crafting malicious values in gitrepo artifact configuration fields. Because Spinnaker orchestrates deployments across multiple cloud providers, a compromise of clouddriver does not just affect a single pod; it can cascade into credential theft, file destruction, and unauthorized resource injection across every cloud environment the platform manages.

Spinnaker is an open-source, multi-cloud continuous delivery platform originally developed by Netflix, which publicly states that Spinnaker powers the vast majority of its software deployments. The project is governed by the Continuous Delivery Foundation and is widely adopted by organizations deploying to AWS, GCP, Kubernetes, and other cloud targets. Its position as a central control plane for production deployments makes any RCE vulnerability in the platform a serious concern for infrastructure security teams.

Technical Information

Root Cause

CVE-2026-32604 is classified under CWE-20 (Improper Input Validation). The vulnerable package is io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo. The core issue is that user-supplied input in the branch and paths fields of gitrepo artifact configurations is not properly sanitized before being passed to underlying system operations.

How GitRepo Artifacts Work

During normal pipeline execution, when a Git repository artifact is requested, Clouddriver performs the following sequence:

  1. Clones the entire Git repository specified in the artifact configuration.
  2. Sends the artifact contents to the pipeline for use in deployment stages.
  3. Deletes the cloned repository from the local filesystem.

The branch and path parameters control which branch is checked out and which files are extracted from the repository. Because these values are incorporated into system-level operations (likely shell commands for git clone and related operations), unsanitized input in these fields can break out of the intended command context and execute attacker-controlled commands on the clouddriver pod.
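As an added illustration (not Spinnaker's code and not the fix shipped in the patched releases), the Python sketch below shows the mitigation class that applies to this bug: allowlist validation of the branch and path fields, followed by invoking git as an argv list with `--` terminating option parsing, so no shell ever interprets the user-supplied values. The regular expressions, function names and sample inputs are assumptions.

```python
import re
import subprocess
from typing import Callable, List

# Hypothetical validators for gitrepo artifact fields; illustrative only,
# not clouddriver's actual implementation.

# Branch: letters, digits and a few separators. Must not start with "-"
# (git would parse it as an option) and must not contain shell metacharacters.
_BRANCH_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,254}")
# Path: relative path inside the clone, same restricted character set.
_PATH_RE = re.compile(r"[A-Za-z0-9._][A-Za-z0-9._/-]{0,1023}")


def validate_branch(branch: str) -> str:
    """Return branch unchanged if it is an acceptable ref name, else raise."""
    bad = (
        not _BRANCH_RE.fullmatch(branch)
        or ".." in branch            # git rejects ".." in ref names
        or "//" in branch
        or branch.endswith(("/", ".lock"))
    )
    if bad:
        raise ValueError(f"rejected branch value: {branch!r}")
    return branch


def validate_path(path: str) -> str:
    """Return path unchanged if it stays inside the clone, else raise."""
    parts = path.split("/")
    if not _PATH_RE.fullmatch(path) or ".." in parts or path.startswith("-"):
        raise ValueError(f"rejected path value: {path!r}")
    return path


def build_clone_argv(repo_url: str, branch: str, dest_dir: str) -> List[str]:
    """Build git's argv; '--' ends option parsing so later args are never options."""
    return ["git", "clone", "--depth", "1", "--branch",
            validate_branch(branch), "--", repo_url, dest_dir]


def clone(repo_url: str, branch: str, dest_dir: str) -> None:
    # shell=False (the default): the values reach git as discrete arguments.
    subprocess.run(build_clone_argv(repo_url, branch, dest_dir), check=True)


def is_rejected(validator: Callable[[str], str], value: str) -> bool:
    """True if the validator refuses the (constructed) sample value."""
    try:
        validator(value)
    except ValueError:
        return True
    return False
```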

Attack Flow

Based on the advisory details and the CVSS vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), the exploitation path follows these steps:

  1. Access: An attacker with low-privilege access to the Spinnaker platform (for example, a user who can configure or trigger pipelines) identifies a pipeline that uses gitrepo artifact types, or creates a new one.

  2. Injection: The attacker supplies a crafted value in the branch or paths field of the gitrepo artifact configuration. This value contains shell metacharacters or command injection syntax that will be interpreted by the underlying system when Clouddriver processes the artifact.

  3. Execution: When the pipeline runs and Clouddriver attempts to clone the repository using the attacker-controlled branch or path value, the injected commands execute with the privileges of the clouddriver process on the pod.

  4. Impact: From the clouddriver pod, the attacker can:

    • Expose credentials: Clouddriver typically holds credentials for multiple cloud providers. These can be read from environment variables, mounted secrets, or configuration files.
    • Remove files: Critical configuration or runtime files on the pod can be deleted, disrupting operations.
    • Inject resources: The attacker can use the cloud provider credentials accessible from the pod to create, modify, or delete resources in any cloud environment managed by Spinnaker.

Scope and Severity

The CVSS 3.1 base score is 9.9 (the GitHub Security Advisory rates it at 10.0). The "Changed" scope metric is particularly significant here. It reflects the fact that compromising the clouddriver component grants access to resources well beyond the pod itself, specifically the cloud accounts and environments that Spinnaker is configured to manage. The combination of network attack vector, low complexity, low privileges required, and no user interaction makes this vulnerability straightforward to exploit for anyone with basic access to a Spinnaker instance.

Affected Systems and Versions

The vulnerability affects the io.spinnaker.clouddriver:clouddriver-artifacts-gitrepo package in Spinnaker. All versions prior to the following patched releases are vulnerable:

  • All versions prior to 2025.3.2 in the 2025.3.x release line
  • All versions prior to 2025.4.2 in the 2025.4.x release line
  • All versions prior to 2026.0.1 in the 2026.0.x release line
  • All versions prior to 2026.1.0 in the 2026.1.x release line

The vulnerability is only exploitable in environments where gitrepo artifact types are enabled. Deployments that do not use gitrepo artifacts are not affected, and disabling this artifact type serves as a viable workaround.

Organizations should upgrade to one of the patched versions listed above. Release notes for versions 2025.3.2 and 2025.4.2 explicitly confirm the inclusion of a fix labeled "gitrepo: Fix git repo validation."

Vendor Security History

The rapid release of patches across four concurrent version lines demonstrates a mature and responsive security process from the Spinnaker maintainers. The project's governance under the Continuous Delivery Foundation and its origins at Netflix contribute to a security posture that, while not immune to vulnerabilities, shows a pattern of prompt remediation when issues are identified.
