Description
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction.
Published: 2026-02-27
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: File write outside intended directory during build context extraction, enabling potential code execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises when kaniko extracts build context tar archives by joining the destination path with each entry name without ensuring the resolved path remains within the intended destination. A crafted archive that contains entries such as `../outside.txt` causes the extraction process to write files outside the destination directory, escaping the extraction root. In a container or Kubernetes environment where kaniko is running with registry authentication, the attacker can chain this path traversal with docker credential helpers to execute arbitrary code inside the executor process. The weakness is a path traversal (CWE-22) and can lead to local code execution and compromise of the host running kaniko.

Affected Systems

It affects the Chainguard-forks kaniko container images and executables from version 1.25.4 up to, but not including, 1.25.10. Versions 1.25.10 and newer use a securejoin-based path resolution to prevent the traversal.

Risk and Exploitability

The vulnerability has a CVSS score of 8.2, indicating high severity, yet the exploit probability is very low, with an EPSS score below 1%. It is not listed in CISA's KEV catalog. The attack requires the attacker to supply a malicious tar archive as part of the build context; no network access or privilege escalation outside the build environment is necessary. In a typical scenario, a supply-chain attacker could embed the malicious payload in a Dockerfile's context. The failure to enforce path boundaries during extraction permits writing files to arbitrary locations on the filesystem used by kaniko, potentially enabling the execution of shell commands or the overwriting of critical configuration files.

Generated by OpenCVE AI on April 16, 2026 at 15:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to kaniko 1.25.10 or any later release that uses securejoin for tar extraction.
  • Ensure that any build context tar files are created only from trusted sources and validated to disallow parent directory references before being passed to kaniko.
  • Restrict registry authentication within kaniko builds or remove docker credential helpers if not absolutely required, to reduce the feasibility of chaining this vulnerability into code execution.

Generated by OpenCVE AI on April 16, 2026 at 15:13 UTC.
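As an added illustration of the mechanism described in the Impact section and of the second recommended action (validating build context archives for parent-directory references), the following Go program is example code written for this page; it is not kaniko's code and not part of the advisory. It builds a constructed in-memory tar with two benign entries and two traversal attempts, shows that the pre-fix pattern `filepath.Join(dest, cleanedName)` resolves `../outside.txt` into the parent of `dest`, and adds the lexical containment check the vulnerable code omitted. The destination `/build/ctx`, the entry names and the helper names are assumptions of the example. kaniko's actual fix uses the securejoin library, which additionally resolves symlinks already present under `dest`; this example only checks the lexical path.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// ErrOutsideDest is returned for any entry whose resolved path leaves dest.
var ErrOutsideDest = errors.New("tar entry resolves outside destination")

// resolveUnsafe mirrors the pre-1.25.10 pattern: clean the name, join it to
// dest, and trust the result. filepath.Join collapses ".." components, so an
// entry "../outside.txt" lands in the parent directory of dest.
func resolveUnsafe(dest, name string) string {
	return filepath.Join(dest, filepath.Clean(name))
}

// resolveSafe joins the same way but then verifies containment lexically:
// the target's path relative to dest must not start with "..". This is the
// check the vulnerable code omitted (assumed here; the real fix uses
// securejoin, which also follows symlinks that already exist under dest).
func resolveSafe(dest, name string) (string, error) {
	dest = filepath.Clean(dest)
	target := filepath.Join(dest, name)
	rel, err := filepath.Rel(dest, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q -> %q", ErrOutsideDest, name, target)
	}
	return target, nil
}

// sampleArchive builds a constructed in-memory build context tar containing
// two benign entries and two traversal attempts (sample data, not a real context).
func sampleArchive() ([]byte, error) {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	entries := []struct{ name, body string }{
		{"Dockerfile", "FROM scratch\n"},
		{"../outside.txt", "escapes one level\n"},
		{"dir/../../escape.txt", "escapes after cleaning\n"},
		{"sub/ok.txt", "stays inside\n"},
	}
	for _, e := range entries {
		hdr := &tar.Header{Name: e.name, Mode: 0o644, Size: int64(len(e.body)), Typeflag: tar.TypeReg}
		if err := tw.WriteHeader(hdr); err != nil {
			return nil, err
		}
		if _, err := io.WriteString(tw, e.body); err != nil {
			return nil, err
		}
	}
	if err := tw.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// checkArchive walks the archive the way an extractor would and reports which
// entry names the containment check accepts and which it rejects. No files
// are written; the function only decides paths. tar.Reader.Next skips any
// unread body of the previous entry, so bodies need not be drained.
func checkArchive(dest string, archive []byte) ([]string, []string, error) {
	var accepted, rejected []string
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return accepted, rejected, nil
		}
		if err != nil {
			return nil, nil, err
		}
		if _, err := resolveSafe(dest, hdr.Name); err != nil {
			if errors.Is(err, ErrOutsideDest) {
				rejected = append(rejected, hdr.Name)
				continue
			}
			return nil, nil, err
		}
		accepted = append(accepted, hdr.Name)
	}
}

func main() {
	const dest = "/build/ctx" // assumed extraction root
	fmt.Println("unsafe join:", resolveUnsafe(dest, "../outside.txt"))
	archive, err := sampleArchive()
	if err != nil {
		panic(err)
	}
	ok, bad, err := checkArchive(dest, archive)
	if err != nil {
		panic(err)
	}
	fmt.Println("accepted:", ok)
	fmt.Println("rejected:", bad)
}
```

Running it prints `/build/outside.txt` for the unsafe join, then accepts `Dockerfile` and `sub/ok.txt` and rejects both `..` entries. The same `checkArchive` pass can be run over a context tar before handing it to kaniko, which is the pre-validation the recommended actions describe.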

Advisories

Source: GitHub GHSA
ID: GHSA-6rxq-q92g-4rmf
Title: kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories

History

Fri, 06 Mar 2026 19:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Chainguard; Chainguard kaniko
CPEs | | cpe:2.3:a:chainguard:kaniko:*:*:*:*:*:*:*:*
Vendors & Products | | Chainguard; Chainguard kaniko

Mon, 02 Mar 2026 22:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 12:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Chainguard-forks; Chainguard-forks kaniko
Vendors & Products | | Chainguard-forks; Chainguard-forks kaniko

Sat, 28 Feb 2026 12:15:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity: None | threat_severity: Important


Fri, 27 Feb 2026 21:45:00 +0000

Type | Values Removed | Values Added
Description | | kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction.
Title | | kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory
Weaknesses | | CWE-22
References | |
Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L'}


MITRE

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-03-02T22:00:32.356Z
Reserved: 2026-02-27T15:33:57.289Z
Link: CVE-2026-28406

Vulnrichment

Updated: 2026-03-02T22:00:29.031Z

NVD

Status: Analyzed
Published: 2026-02-27T22:16:23.513
Modified: 2026-03-06T19:29:21.457
Link: CVE-2026-28406

Red Hat

Severity: Important
Published Date: 2026-02-27T21:20:52Z
Links: CVE-2026-28406 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T15:15:39Z

Weaknesses