LiteLLM (PyPI), the Telnyx Python SDK (PyPI), and Checkmarx GitHub Actions workflows are identified as secondary affected scope within the coordinated supply chain attack (SCC-CAM-2026-0170), meaning these platforms were exposed to or leveraged by the same credential-harvesting infrastructure as the primary Axios and Trivy compromises. No separate CVEs are assigned to these secondary vectors; their exposure derives from the upstream supply chain compromise rather than independent vulnerabilities. Organizations using these packages or workflows should audit dependency manifests for versions present during March 2026, review CI/CD pipeline logs for anomalous executions of Checkmarx actions, and rotate any credentials accessible to pipelines that resolved these dependencies.