CVE-2026-32604 and CVE-2026-32613 are both 10.0 severity vulnerabilities in Spinnaker, which allow attackers to execute arbitrary code and access credentials for production cloud environments and source control.

They give attackers a natural path to move from a compromised workstation to production, even when developers themselves don't have direct access.

Our blog post contains a comprehensive technical breakdown and working POCs.