CVE-2026-32604 and CVE-2026-32613 are both 10.0 severity vulnerabilities in the Spinnaker continuous delivery platform which allow attackers to execute arbitrary code and access credentials for production environments and source control.

They're a natural path for moving from a compromised workstation to more sensitive areas.

The blog post contains a comprehensive technical breakdown and working POCs.