https://community.appian.com/support/w/kb/3792/kb-2377-information-about-the-teampcp-canisterworm-supply-chain-compromiseen-USTelligent Community 12https://community.appian.com/support/w/kb/3792/kb-2377-information-about-the-teampcp-canisterworm-supply-chain-compromiseThu, 02 Apr 2026 17:24:45 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:2b641df6-4046-4163-8fdb-477ef1c73152Kaushal Patelhttps://community.appian.com/support/w/kb/3792/kb-2377-information-about-the-teampcp-canisterworm-supply-chain-compromise#commentsCurrent Revision posted to Appian Knowledge Base by Kaushal Patel on 4/2/2026 5:24:45 PM<br /> <p><span style="font-weight:400;">In late February and March 2026, a widespread supply chain campaign orchestrated by a threat actor known as TeamPCP (associated with the &quot;CanisterWorm&quot; malware) </span><a href="https://www.endorlabs.com/learn/teampcp-isnt-done"><span style="font-weight:400;">compromised</span></a><span style="font-weight:400;"> over 50 open-source libraries across multiple ecosystems, including PyPI, npm, Docker Hub, and GitHub Actions.&nbsp;</span></p> <p><span style="font-weight:400;">While the campaign impacted dozens of libraries, notable targets included the litellm library on PyPI (versions 1.82.7 and 1.82.8) and Aqua Security&#39;s vulnerability scanner, Trivy (</span><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33634"><span style="font-weight:400;">CVE-2026-33634</span></a><span style="font-weight:400;">).&nbsp;</span></p> <p><span style="font-weight:400;">Appian has investigated this broader campaign and affected services, and determined that it is not impacted. No vulnerable versions of the affected libraries associated with the TeamPCP/CanisterWorm compromise are present in the Appian Cloud environment or any of Appian&rsquo;s products. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2 id="mcetoc_1jl7jgb3u1"><span style="font-weight:400;">Additional Notes:</span></h2> <p><span style="font-weight:400;">The following CVE was released with additional information on the scope of the vulnerability:</span></p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33634"><span style="font-weight:400;">CVE-2026-33634</span></a><span style="font-weight:400;"> - (Aquasecurity Trivy Embedded Malicious Code Vulnerability)</span></p> <h2 id="mcetoc_1jl7jgb3u1"><span style="font-weight:400;">Supporting Documentation:</span></h2> <ul> <li><a href="https://www.endorlabs.com/learn/teampcp-isnt-done"><span style="font-weight:400;">https://www.endorlabs.com/learn/teampcp-isnt-done</span></a> <ul></ul> <a href="https://www.mend.io/blog/canisterworm-the-self-spreading-npm-attack-that-uses-a-decentralized-server-to-stay-alive/"><span style="font-weight:400;"></span></a></li> <li><a href="https://www.mend.io/blog/canisterworm-the-self-spreading-npm-attack-that-uses-a-decentralized-server-to-stay-alive/"><span style="font-weight:400;">https://www.mend.io/blog/canisterworm-the-self-spreading-npm-attack-that-uses-a-decentralized-server-to-stay-alive/</span></a></li> </ul> <h2 id="mcetoc_1jl7jgb3u2"><span>Affected Versions</span></h2> <p><span>This article applies to all supported versions of Appian.</span></p> <p><span>Last reviewed:&nbsp;</span><span>April 2, 2026</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: Security</div> https://community.appian.com/support/w/kb/3792/kb-2377-information-about-the-teampcp-canisterworm-supply-chain-compromise/revision/2Thu, 02 Apr 2026 17:24:34 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:2b641df6-4046-4163-8fdb-477ef1c73152Kaushal Patelhttps://community.appian.com/support/w/kb/3792/kb-2377-information-about-the-teampcp-canisterworm-supply-chain-compromise#commentsRevision 2 posted to Appian Knowledge Base by Kaushal Patel on 4/2/2026 5:24:34 PM<br /> <p><span style="font-weight:400;">In late February and March 2026, a widespread supply chain campaign orchestrated by a threat actor known as TeamPCP (associated with the &quot;CanisterWorm&quot; malware) </span><a href="https://www.endorlabs.com/learn/teampcp-isnt-done"><span style="font-weight:400;">compromised</span></a><span style="font-weight:400;"> over 50 open-source libraries across multiple ecosystems, including PyPI, npm, Docker Hub, and GitHub Actions.&nbsp;</span></p> <p><span style="font-weight:400;">While the campaign impacted dozens of libraries, notable targets included the litellm library on PyPI (versions 1.82.7 and 1.82.8) and Aqua Security&#39;s vulnerability scanner, Trivy (</span><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33634"><span style="font-weight:400;">CVE-2026-33634</span></a><span style="font-weight:400;">).&nbsp;</span></p> <p><span style="font-weight:400;">Appian has investigated this broader campaign and affected services, and determined that it is not impacted. No vulnerable versions of the affected libraries associated with the TeamPCP/CanisterWorm compromise are present in the Appian Cloud environment or any of Appian&rsquo;s products. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2 id="mcetoc_1jl7jgb3u1"><span style="font-weight:400;">Additional Notes:</span></h2> <p><span style="font-weight:400;">The following CVE was released with additional information on the scope of the vulnerability:</span></p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33634"><span style="font-weight:400;">CVE-2026-33634</span></a><span style="font-weight:400;"> - (Aquasecurity Trivy Embedded Malicious Code Vulnerability)</span></p> <h2 id="mcetoc_1jl7jgb3u1"><span style="font-weight:400;">Supporting Documentation:</span></h2> <ul> <li><a href="https://www.endorlabs.com/learn/teampcp-isnt-done"><span style="font-weight:400;">https://www.endorlabs.com/learn/teampcp-isnt-done</span></a> <ul></ul> <a href="https://www.mend.io/blog/canisterworm-the-self-spreading-npm-attack-that-uses-a-decentralized-server-to-stay-alive/"><span style="font-weight:400;"></span></a></li> <li><a href="https://www.mend.io/blog/canisterworm-the-self-spreading-npm-attack-that-uses-a-decentralized-server-to-stay-alive/"><span style="font-weight:400;">https://www.mend.io/blog/canisterworm-the-self-spreading-npm-attack-that-uses-a-decentralized-server-to-stay-alive/</span></a></li> </ul> <h2 id="mcetoc_1jl7jgb3u2"><span>Affected Versions</span></h2> <p><span>This article applies to all supported versions of Appian.</span></p> <p><span>Last reviewed:&nbsp;</span><span>April 2, 2026</span></p><div style="clear:both;"></div> https://community.appian.com/support/w/kb/3792/kb-2377-information-about-the-teampcp-canisterworm-supply-chain-compromise/revision/1Thu, 02 Apr 2026 17:24:18 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:2b641df6-4046-4163-8fdb-477ef1c73152Kaushal Patelhttps://community.appian.com/support/w/kb/3792/kb-2377-information-about-the-teampcp-canisterworm-supply-chain-compromise#commentsRevision 1 posted to Appian Knowledge Base by Kaushal Patel on 4/2/2026 5:24:18 PM<br /> <p><span style="font-weight:400;">In late February and March 2026, a widespread supply chain campaign orchestrated by a threat actor known as TeamPCP (associated with the &quot;CanisterWorm&quot; malware) </span><a href="https://www.endorlabs.com/learn/teampcp-isnt-done"><span style="font-weight:400;">compromised</span></a><span style="font-weight:400;"> over 50 open-source libraries across multiple ecosystems, including PyPI, npm, Docker Hub, and GitHub Actions.&nbsp;</span></p> <p><span style="font-weight:400;">While the campaign impacted dozens of libraries, notable targets included the litellm library on PyPI (versions 1.82.7 and 1.82.8) and Aqua Security&#39;s vulnerability scanner, Trivy (</span><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33634"><span style="font-weight:400;">CVE-2026-33634</span></a><span style="font-weight:400;">).&nbsp;</span></p> <p><span style="font-weight:400;">Appian has investigated this broader campaign and affected services, and determined that it is not impacted. No vulnerable versions of the affected libraries associated with the TeamPCP/CanisterWorm compromise are present in the Appian Cloud environment or any of Appian&rsquo;s products. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2 id="mcetoc_1jl7jgb3u1"><span style="font-weight:400;">Additional Notes:</span></h2> <p><span style="font-weight:400;">The following CVE was released with additional information on the scope of the vulnerability:</span></p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33634"><span style="font-weight:400;">CVE-2026-33634</span></a><span style="font-weight:400;"> - (Aquasecurity Trivy Embedded Malicious Code Vulnerability)</span></p> <h2 id="mcetoc_1jl7jgb3u1"><span style="font-weight:400;">Supporting Documentation:</span></h2> <ul> <li><a href="https://www.endorlabs.com/learn/teampcp-isnt-done"><span style="font-weight:400;">https://www.endorlabs.com/learn/teampcp-isnt-done</span></a> <ul></ul> <a href="https://www.mend.io/blog/canisterworm-the-self-spreading-npm-attack-that-uses-a-decentralized-server-to-stay-alive/"><span style="font-weight:400;"></span></a></li> <li><a href="https://www.mend.io/blog/canisterworm-the-self-spreading-npm-attack-that-uses-a-decentralized-server-to-stay-alive/"><span style="font-weight:400;">https://www.mend.io/blog/canisterworm-the-self-spreading-npm-attack-that-uses-a-decentralized-server-to-stay-alive/</span></a></li> </ul> <h2 id="mcetoc_1jl7jgb3u2"><span>Affected Versions</span></h2> <p><span>This article applies to all supported versions of Appian.</span></p> <p><span>Last reviewed:&nbsp;</span><span>April 2, 2026</span></p><div style="clear:both;"></div>