Description
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. This vulnerability is fixed in 1.11.1.
Published: 2026-04-21
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The Tekton Pipelines project, from version 1.0.0 to before 1.11.0, passes the git resolver's revision parameter directly to the git fetch command without validating that it does not begin with a minus sign. An attacker who can submit a ResolutionRequest can therefore inject arbitrary git flags, such as --upload-pack, into the fetch call. Coupled with the validateRepoURL function, which permits URLs starting with a slash, the injected flag can name a local binary that is then executed on the resolver pod. Because the resolver runs under the tekton-pipelines-resolvers ServiceAccount, which has cluster-wide get/list/watch permissions on all Secrets, even a single successful exploit leads to full cluster-wide secret exfiltration. This flaw is a Remote Code Execution vulnerability and is identified as CWE-88.
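The mitigation for the leading-dash injection described above, as an added Go example written for this page (not Tekton's code): a revision that starts with "-" is refused, local repository paths are refused, and the user-supplied values are placed after git's "--" end-of-options marker. validateRepoURLStrict, buildFetchArgs and the example.com URL are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var ErrUnsafeRevision = errors.New("revision must not begin with '-'")
var ErrLocalRepoURL = errors.New("local filesystem repository paths are not allowed")

// validateRevision rejects any revision that git would read as an option
// rather than a ref. An empty revision is allowed and means "default branch".
func validateRevision(rev string) error {
	if strings.HasPrefix(rev, "-") {
		return ErrUnsafeRevision
	}
	return nil
}

// validateRepoURLStrict rejects absolute paths and file:// URLs (repositories on
// the resolver pod's own filesystem); hypothetical, not Tekton's validateRepoURL.
func validateRepoURLStrict(url string) error {
	if strings.HasPrefix(url, "/") || strings.HasPrefix(url, "file://") {
		return ErrLocalRepoURL
	}
	return nil
}

// buildFetchArgs validates both user-supplied values and places them after "--",
// so git stops option parsing before it reaches them (defence in depth).
func buildFetchArgs(repoURL, revision string) ([]string, error) {
	if err := validateRepoURLStrict(repoURL); err != nil {
		return nil, err
	}
	if err := validateRevision(revision); err != nil {
		return nil, err
	}
	args := []string{"fetch", "--depth=1", "--", repoURL}
	if revision != "" {
		args = append(args, revision)
	}
	return args, nil
}

func main() {
	// A revision shaped like a flag is refused before any git process is started.
	args, err := buildFetchArgs("https://example.com/org/repo.git", "--upload-pack=/tmp/x")
	fmt.Println(args, err)
}
```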

Affected Systems

Tekton Pipelines deployments using the tektoncd:pipeline project, specifically versions 1.0.0 through 1.11.0, are affected. Upgrading to 1.11.1 or later resolves the issue; systems running any earlier release remain vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 7.5 indicates a high-severity risk of arbitrary code execution. No EPSS score is presently available, so the exact exploitation probability cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the capability to create or modify a ResolutionRequest, which may be achievable in multi-tenant or permissively configured namespaces. Successful exploitation results in the attacker gaining broad cluster access to Secrets via the resolver pod.

Generated by OpenCVE AI on April 22, 2026 at 06:24 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade Tekton Pipelines to v1.11.1 or later to apply the fix.
  • Restrict the creation of ResolutionRequest objects by tightening RBAC so that only trusted users can submit them.
  • Limit the tekton-pipelines-resolvers ServiceAccount permissions to the minimal set required, removing cluster-wide read access to Secrets if possible.



Advisories
  • Source: Github GHSA
    ID: GHSA-94jr-7pqp-xhcq
    Title: Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
History

Wed, 22 Apr 2026 04:00:00 +0000

  • First Time appeared: added Tektoncd, Tektoncd pipeline
  • Vendors & Products: added Tektoncd, Tektoncd pipeline

Wed, 22 Apr 2026 00:00:00 +0000

  • Description: added "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. This vulnerability is fixed in 1.11.1."
  • Title: added "Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE"
  • Weaknesses: added CWE-88
  • References: no values listed
  • Metrics: added cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-21T20:45:24.658Z

Reserved: 2026-04-15T20:40:15.518Z

Link: CVE-2026-40938

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:46.283

Modified: 2026-04-21T21:16:46.283

Link: CVE-2026-40938

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T06:30:10Z

Weaknesses