Description
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Published: 2026-04-21
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Tekton Pipelines, which supplies Kubernetes-style resources for CI/CD pipelines, contains a flaw in the git resolver. From version 1.0.0 up to just before 1.11.1, the resolver accepts a revision parameter that is directly passed as a positional argument to git fetch without checking whether it begins with a hyphen. This means an attacker with the ability to create or modify a ResolutionRequest can inject arbitrary git fetch flags, for example --upload-pack=<binary>. Because the validator for repository URLs also allows paths beginning with a slash, a malicious request can chain the injection to run an arbitrary binary on the resolver pod. The resolver runs under the tekton-pipelines-resolvers ServiceAccount, which has cluster-wide get/list/watch permissions on all Secrets, so successful exploitation results in full cluster-wide secret exfiltration. The vulnerability enables remote code execution and is classified as CWE-88.
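The two checks the description says were missing, as an added example in Go. This is not Tekton's code and not its actual fix; the function names, the argv layout, the allowed URL schemes and the sample inputs are assumptions made for illustration. It goes slightly beyond the advisory in that it also refuses option-like repository URLs and places git's `--` end-of-options marker before both operands:

```go
package main

// Added example (not Tekton's code): input validation and argument ordering
// for a hypothetical git-fetch wrapper. It illustrates the two checks the
// advisory describes as missing: a revision must not start with "-" (git would
// otherwise read it as an option), and a repository URL must be a remote, not
// a "/"-prefixed local path. Names and the argv layout are assumptions.

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

var (
	ErrOptionLikeValue = errors.New("value must not begin with '-'")
	ErrLocalPath       = errors.New("local filesystem paths are not allowed")
	ErrBadScheme       = errors.New("only https, ssh and git URLs are allowed")
)

// ValidateRevision accepts a branch, tag or commit name and rejects anything
// git's option parser could mistake for a flag.
func ValidateRevision(rev string) error {
	if rev == "" {
		return errors.New("revision must not be empty")
	}
	if strings.HasPrefix(rev, "-") {
		return ErrOptionLikeValue
	}
	if strings.ContainsAny(rev, " \t\r\n\x00") {
		return errors.New("revision contains whitespace or control characters")
	}
	return nil
}

// ValidateRepoURL accepts only remote URLs with an explicit scheme and host.
// A leading "/" (or a file: URL) is rejected so the wrapper can never be
// pointed at a path on its own filesystem. scp-style "user@host:path" is not
// accepted by this example (url.Parse rejects it).
func ValidateRepoURL(raw string) error {
	if strings.HasPrefix(raw, "-") {
		return ErrOptionLikeValue
	}
	if strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "file:") {
		return ErrLocalPath
	}
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	switch u.Scheme {
	case "https", "ssh", "git":
	default:
		return ErrBadScheme
	}
	if u.Host == "" {
		return errors.New("repository URL has no host")
	}
	return nil
}

// FetchArgs builds the argument vector for "git fetch". Both operands are
// validated, and "--" is placed before them so git treats everything after it
// as positional even if one of the checks above is later weakened.
func FetchArgs(repoURL, revision string) ([]string, error) {
	if err := ValidateRepoURL(repoURL); err != nil {
		return nil, fmt.Errorf("repository URL: %w", err)
	}
	if err := ValidateRevision(revision); err != nil {
		return nil, fmt.Errorf("revision: %w", err)
	}
	return []string{"fetch", "--depth=1", "--", repoURL, revision}, nil
}

func main() {
	// Constructed inputs: one benign request and two shaped like the
	// advisory's description (option-like revision, local-path URL).
	cases := [][2]string{
		{"https://github.com/tektoncd/pipeline.git", "main"},
		{"https://github.com/tektoncd/pipeline.git", "--upload-pack=/tmp/example"},
		{"/tmp/example-repo", "main"},
	}
	for _, c := range cases {
		args, err := FetchArgs(c[0], c[1])
		if err != nil {
			fmt.Printf("rejected repo=%q rev=%q: %v\n", c[0], c[1], err)
			continue
		}
		fmt.Printf("git %s\n", strings.Join(args, " "))
	}
}
```

The `--` marker is the second layer: with it in place, git's parser no longer consults the operands for options, so the prefix check on the revision becomes defence in depth rather than the only thing standing between a tenant-controlled string and `git fetch`'s flag table. Wrapped errors are returned with `%w` so callers can match `ErrOptionLikeValue` and `ErrLocalPath` with `errors.Is` and log which check fired.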

Affected Systems

Tekton Pipelines deployments using the tektoncd:pipeline project, specifically versions 1.0.0 through 1.11.0, are affected. Upgrading to 1.11.1 or later resolves the issue; systems running any earlier release remain vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 7.5 indicates a high-severity risk of arbitrary code execution. The EPSS score of 0.00088 indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the capability to create or modify a ResolutionRequest, which may be achievable in multi-tenant or permissively configured namespaces. Successful exploitation results in the attacker gaining broad cluster access to Secrets via the resolver pod.

Generated by OpenCVE AI on May 21, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Tekton Pipelines to v1.11.1 or later to apply the fix.
  • Restrict the creation of ResolutionRequest objects by tightening RBAC so that only trusted users can submit them.
  • Limit the tekton-pipelines-resolvers ServiceAccount permissions to the minimal set required, removing cluster-wide read access to Secrets if possible.

Advisories
Source: Github GHSA
ID: GHSA-94jr-7pqp-xhcq
Title: Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
History

Thu, 21 May 2026 22:45:00 +0000

Type: Description
Values Removed: Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. This vulnerability is fixed in 1.11.1.
Values Added: Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.

Tue, 28 Apr 2026 00:15:00 +0000

Type: References
Type: Metrics threat_severity
Values Removed: None
Values Added: Important


Mon, 27 Apr 2026 18:15:00 +0000

Type: First Time appeared
Values Added: Linuxfoundation; Linuxfoundation tekton Pipelines
Type: CPEs
Values Added: cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:*
Type: Vendors & Products
Values Added: Linuxfoundation; Linuxfoundation tekton Pipelines

Wed, 22 Apr 2026 19:15:00 +0000

Type: Metrics ssvc
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 04:00:00 +0000

Type: First Time appeared
Values Added: Tektoncd; Tektoncd pipeline
Type: Vendors & Products
Values Added: Tektoncd; Tektoncd pipeline

Wed, 22 Apr 2026 00:00:00 +0000

Type: Description
Values Added: Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. This vulnerability is fixed in 1.11.1.
Type: Title
Values Added: Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
Type: Weaknesses
Values Added: CWE-88
Type: References
Type: Metrics cvssV3_1
Values Added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-21T22:40:09.754Z

Reserved: 2026-04-15T20:40:15.518Z

Link: CVE-2026-40938

Vulnrichment

Updated: 2026-04-22T18:13:47.095Z

NVD

Status : Modified

Published: 2026-04-21T21:16:46.283

Modified: 2026-05-21T23:16:44.873

Link: CVE-2026-40938

Redhat

Severity : Important

Public Date: 2026-04-21T20:45:24Z

Links: CVE-2026-40938 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-22T00:00:13Z

Weaknesses