{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40161", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-09T19:31:56.014Z", "datePublished": "2026-04-21T16:26:27.381Z", "dateUpdated": "2026-04-21T17:41:38.895Z"}, "containers": {"cna": {"title": "Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL", "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "lang": "en", "description": "CWE-201: Insertion of Sensitive Information Into Sent Data", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff"}, {"name": "https://github.com/tektoncd/pipeline/issues/9608", "tags": ["x_refsource_MISC"], "url": "https://github.com/tektoncd/pipeline/issues/9608"}, {"name": "https://github.com/tektoncd/pipeline/issues/9609", "tags": ["x_refsource_MISC"], "url": "https://github.com/tektoncd/pipeline/issues/9609"}], "affected": [{"vendor": "tektoncd", "product": "pipeline", "versions": [{"version": ">= 1.0.0, <= 1.10.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T16:26:27.381Z"}, "descriptions": [{"lang": "en", "value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint."}], "source": {"advisory": "GHSA-wjxp-xrpv-xpff", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T17:41:32.164689Z", "id": "CVE-2026-40161", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T17:41:38.895Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40161", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-21T17:41:32.164689Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T17:41:34.381Z"}}], "cna": {"title": "Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL", "source": {"advisory": "GHSA-wjxp-xrpv-xpff", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "tektoncd", "product": "pipeline", "versions": [{"status": "affected", "version": ">= 1.0.0, <= 1.10.0"}]}], "references": [{"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff", "name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/tektoncd/pipeline/issues/9608", "name": "https://github.com/tektoncd/pipeline/issues/9608", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/tektoncd/pipeline/issues/9609", "name": "https://github.com/tektoncd/pipeline/issues/9609", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-201", "description": "CWE-201: Insertion of Sensitive Information Into Sent Data"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T16:26:27.381Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40161", "state": "PUBLISHED", "dateUpdated": "2026-04-21T17:41:38.895Z", "dateReserved": "2026-04-09T19:31:56.014Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-21T16:26:27.381Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint."}], "id": "CVE-2026-40161", "lastModified": "2026-04-21T17:16:53.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-21T17:16:53.790", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/tektoncd/pipeline/issues/9608"}, {"source": "security-advisories@github.com", "url": "https://github.com/tektoncd/pipeline/issues/9609"}, {"source": "security-advisories@github.com", "url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-201"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,1.10.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "pipeline", "source": "cna", "vendor": "tektoncd"}, "product": "pipeline", "vendor": "tektoncd"}], "analysis": {"en": {"generated_at": "2026-04-21T22:40:25.356281+00:00", "value": {"mitigation_remediation": ["Upgrade Tekton Pipelines to the latest stable release where the Git resolver no longer transmits the system\u2011configured token when the token field is omitted.", "Restrict privileges so that only trusted users can create PipelineRun or TaskRun resources, thereby limiting the ability to supply arbitrary serverURLs.", "Enforce network policies or firewall rules to block outbound traffic from Tekton pods to unknown external endpoints, preventing exfiltration of credentials to attacker\u2011controlled servers."], "summary": {"action": "Immediate Patch", "impact": "Exfiltration of privileged API token via a user-controlled serverURL"}, "threat_synthesis": {"affected_systems": "The flaw affects the Tekton Pipelines product, versions 1.0.0 through 1.10.0. A tenant who has permission to create a TaskRun or PipelineRun can exploit this and direct the resolver to an attacker\u2011controlled endpoint to capture the API token.", "description_and_impact": "The vulnerability occurs when the Git resolver in Tekton Pipelines operates in API mode and the user omits the token parameter. Under these conditions, the resolver inadvertently sends the system\u2011configured Git API token\u2014such as a GitHub personal access token or GitLab token\u2014to the serverURL supplied by the user. This leak constitutes an unintended information exposure (CWE\u2011201) and can allow an attacker to obtain a credential that is generally trusted to perform actions on the developer\u2019s behalf, potentially leading to downstream compromise of source\u2011code repositories or other services that rely on the token.", "risk_and_exploitability": "The CVSS score of 7.7 indicates high impact for the affected users. Although the EPSS score is not publicly available and the vulnerability is not listed in the CISA KEV catalog, the attack vector requires local cluster access to create a run and a configurable serverURL. An attacker with the necessary permissions can directly exfiltrate the token, enabling unauthorized access to Git services. While exploitation is straightforward for an internal attacker, external exploitation would need a foothold with sufficient permissions."}}}}, "created": "2026-04-21T19:00:35.929728+00:00", "updated": "2026-04-21T22:45:16.059932+00:00", "vendors": ["tektoncd", "tektoncd$PRODUCT$pipeline"]}