CVE-2026-33211
Received Received - Intake
Path Traversal in Tekton Pipelines Git Resolver Exposes Secrets

Publication date: 2026-03-24

Last updated on: 2026-03-26

Assigner: GitHub, Inc.

Description
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-26
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33211
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linuxfoundation tekton_pipelines From 1.1.0 (inc) to 1.3.3 (exc)
linuxfoundation tekton_pipelines From 1.10.0 (inc) to 1.10.2 (exc)
linuxfoundation tekton_pipelines From 1.4.0 (inc) to 1.6.1 (exc)
linuxfoundation tekton_pipelines From 1.7.0 (inc) to 1.9.2 (exc)
linuxfoundation tekton_pipelines 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include upgrading Tekton Pipelines to a patched version that contains the fix for CVE-2026-33211. The fixed versions are 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 or later.'}, {'type': 'paragraph', 'content': "The fix involves validating the `pathInRepo` parameter to reject any paths containing `..` components and reading files safely from git's object store rather than directly from the filesystem, preventing path traversal and symlink escape attacks."}, {'type': 'paragraph', 'content': 'If immediate upgrade is not possible, restrict which users or service accounts have permission to create ResolutionRequests, TaskRuns, or PipelineRuns that use the git resolver, as these permissions enable exploitation.'}, {'type': 'paragraph', 'content': 'Tighten RBAC permissions for the resolver pod’s ServiceAccount to limit access to Kubernetes secrets and other sensitive resources, reducing the impact of potential exploitation.'}, {'type': 'paragraph', 'content': 'Monitor and audit usage of the git resolver and ResolutionRequests for suspicious activity as a temporary detection and response measure.'}] [2, 3]

Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-33211 is a critical path traversal vulnerability in the Tekton Pipelines git resolver component. It arises because the `pathInRepo` parameter was not properly validated, allowing an attacker with permission to create ResolutionRequests (such as via TaskRuns or PipelineRuns using the git resolver) to supply crafted paths containing traversal sequences like `../../../../etc/passwd`. This enables reading arbitrary files from the resolver pod's filesystem."}, {'type': 'paragraph', 'content': "The vulnerability was introduced when the git resolver switched from using the go-git library's in-memory filesystem to shelling out to the native git binary and reading files directly from the pod's filesystem using `os.ReadFile()`. This change removed protections against path traversal and allowed attackers to escape the intended repository directory."}, {'type': 'paragraph', 'content': 'Exploiting this flaw, an attacker can read sensitive files such as Kubernetes ServiceAccount tokens, which are base64-encoded and returned in the `resolutionrequest.status.data` field, effectively creating a data exfiltration channel.'}, {'type': 'paragraph', 'content': "The fix involves validating the `pathInRepo` parameter to reject any paths containing `..` components, stripping leading slashes for compatibility, and reading files safely from git's object store using `git show HEAD:<path>`. It also includes checks to prevent symlink escapes outside the repository directory."}] [2, 3, 4]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability allows an attacker with limited permissions (permission to create ResolutionRequests) to read arbitrary files from the resolver pod's filesystem, including sensitive Kubernetes secrets such as ServiceAccount tokens."}, {'type': 'paragraph', 'content': 'Since the resolver pod’s ServiceAccount often has broad RBAC permissions, including cluster-wide access to secrets, exfiltrating these tokens can lead to full privilege escalation within the Kubernetes cluster.'}, {'type': 'paragraph', 'content': "An attacker could use this to steal credentials, gain unauthorized access to cluster resources, and potentially compromise the entire cluster's security."}] [2, 3, 4]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for ResolutionRequests or TaskRuns/PipelineRuns that use the git resolver with suspicious or crafted `pathInRepo` parameters containing path traversal sequences such as `..` or paths targeting sensitive files like `/etc/passwd` or Kubernetes ServiceAccount tokens.'}, {'type': 'paragraph', 'content': "Since the vulnerability involves reading arbitrary files from the resolver pod's filesystem and returning their base64-encoded contents in `resolutionrequest.status.data`, inspecting these status fields for unexpected or sensitive data can help detect exploitation attempts."}, {'type': 'paragraph', 'content': 'Specific commands to detect exploitation attempts could include querying Kubernetes for ResolutionRequests with suspicious `pathInRepo` parameters or examining the status data fields for base64-encoded content that decodes to sensitive files.'}, {'type': 'list_item', 'content': 'Use kubectl to list ResolutionRequests and inspect their parameters and status, for example:'}, {'type': 'list_item', 'content': "`kubectl get resolutionrequests -o json | jq '.items[] | {name: .metadata.name, pathInRepo: .spec.params[]?.value, data: .status.data}'`"}, {'type': 'list_item', 'content': 'Look for `pathInRepo` values containing `..` or absolute paths.'}, {'type': 'list_item', 'content': 'Decode base64 data in `.status.data` fields to check for sensitive file contents, e.g.:'}, {'type': 'list_item', 'content': '`echo <base64_data> | base64 --decode`'}, {'type': 'paragraph', 'content': 'Additionally, monitoring logs of the resolver pod for unusual git resolver invocations or errors related to file reads outside the repository may help detect attempts to exploit this vulnerability.'}] [2, 3, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart