{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40938", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-15T20:40:15.518Z", "datePublished": "2026-04-21T20:45:24.658Z", "dateUpdated": "2026-04-21T20:45:24.658Z"}, "containers": {"cna": {"title": "Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE", "problemTypes": [{"descriptions": [{"cweId": "CWE-88", "lang": "en", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"}, {"name": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"}], "affected": [{"vendor": "tektoncd", "product": "pipeline", "versions": [{"version": ">= 1.0.0, < 1.11.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T20:45:24.658Z"}, "descriptions": [{"lang": "en", "value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. This vulnerability is fixed in 1.11.1."}], "source": {"advisory": "GHSA-94jr-7pqp-xhcq", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. This vulnerability is fixed in 1.11.1."}], "id": "CVE-2026-40938", "lastModified": "2026-04-21T21:16:46.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-21T21:16:46.283", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"}, {"source": "security-advisories@github.com", "url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,1.11.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "pipeline", "source": "cna", "vendor": "tektoncd"}, "product": "pipeline", "vendor": "tektoncd"}], "analysis": {"en": {"generated_at": "2026-04-22T06:24:46.292665+00:00", "value": {"mitigation_remediation": ["Upgrade Tekton Pipelines to v1.11.1 or later to apply the fix.", "Restrict the creation of ResolutionRequest objects by tightening RBAC so that only trusted users can submit them.", "Limit the tekton-pipelines-resolvers ServiceAccount permissions to the minimal set required, removing cluster-wide read access to Secrets if possible."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Tekton Pipelines deployments using the tektoncd:pipeline project, specifically versions 1.0.0 through 1.11.0, are affected. Upgrading to 1.11.1 or later resolves the issue; systems running any earlier release remain vulnerable until a patch is applied.", "description_and_impact": "The Tekton Pipelines project, from version 1.0.0 to before 1.11.0, passes the git resolver's revision parameter directly to the git fetch command without validating that it does not begin with a minus sign. An attacker who can submit a ResolutionRequest can therefore inject arbitrary git flags, such as --upload-pack, into the fetch call. Coupled with the validateRepoURL function that permits URLs starting with a slash, this permits chaining the injection of a binary name that will be executed on the resolver pod. Because the resolver runs under the tekton-pipelines-resolvers ServiceAccount, which has cluster-wide get/list/watch permissions on all Secrets, even a single successful exploit leads to full cluster-wide secret exfiltration. This flaw is a Remote Code Execution vulnerability and is identified as CWE-88.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity risk of arbitrary code execution. No EPSS score is presently available, so the exact exploitation probability cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the capability to create or modify a ResolutionRequest, which can be achievable in multi-tenant or permissively configured namespaces. Successful exploitation results in the attacker gaining broad cluster access to Secrets via the resolver pod."}}}}, "created": "2026-04-22T03:45:06.831494+00:00", "updated": "2026-04-22T06:30:10.674198+00:00", "vendors": ["tektoncd", "tektoncd$PRODUCT$pipeline"]}