CVE-2026-32604 and CVE-2026-32613 are both 10.0 severity vulnerabilities in Spinnaker, which allow attackers to execute arbitrary code and access production cloud environments and source control.

They provide an easy path from a compromised workstation to more sensitive areas.

Our blog post contains a comprehensive technical breakdown and working POCs.