CISA has added CVE-2026-33634, an embedded malicious code vulnerability in Aqua Security Trivy, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Organizations are strongly urged to prioritize timely remediation to reduce their exposure to cyberattacks.