GHSA-rx35-6rhx-7858

Source
https://github.com/advisories/GHSA-rx35-6rhx-7858
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-rx35-6rhx-7858/GHSA-rx35-6rhx-7858.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rx35-6rhx-7858
Aliases
  • CVE-2026-40923
Published
2026-04-21T20:26:41Z
Modified
2026-04-21T20:32:44.922760Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
Details

Summary

A validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but resolves to /tekton/results at runtime.

Details

Tekton Pipelines restricts VolumeMount paths under /tekton/ (except /tekton/home) to prevent users from interfering with internal execution state. The validation at pkg/apis/pipeline/v1/container_validation.go checks mount paths using strings.HasPrefix without normalizing the path first:

// Vulnerable check: vm.MountPath is compared as written and never normalized,
// so "/tekton/home/../results" satisfies the /tekton/home exemption even though
// it resolves to /tekton/results once the container runtime mounts it.
if strings.HasPrefix(vm.MountPath, "/tekton/") &&
    !strings.HasPrefix(vm.MountPath, "/tekton/home") {
    // reject
}

Because /tekton/home is an allowed prefix, a path like /tekton/home/../results passes both checks. At runtime, the container runtime resolves .. and the actual mount point becomes /tekton/results.

The same pattern exists in pkg/apis/pipeline/v1beta1/task_validation.go.
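The following Go program is an added example, not Tekton's own code or its upstream patch: it reproduces the unnormalized prefix check quoted above beside a hardened form (my own, assumed to follow the filepath.Clean approach the advisory title names) and runs both over constructed mount paths, including the /tekton/home/../results case from the advisory.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Verdict records whether each check would reject a given mount path.
type Verdict struct{ VulnerableRejects, HardenedRejects bool }

// isRestrictedVulnerable reproduces the unpatched check: the raw MountPath
// is prefix-compared and never normalized, so ".." segments survive.
func isRestrictedVulnerable(mountPath string) bool {
	return strings.HasPrefix(mountPath, "/tekton/") &&
		!strings.HasPrefix(mountPath, "/tekton/home")
}

// underDir treats a path separator as the boundary, so a sibling such as
// "/tekton/homework" is not mistaken for the /tekton/home exemption.
func underDir(p, dir string) bool {
	return p == dir || strings.HasPrefix(p, dir+"/")
}

// isRestrictedHardened is an assumed hardened form (not necessarily the
// upstream fix): clean the path first so ".." and "." collapse before the
// prefix comparison, and reject non-absolute paths instead of guessing.
func isRestrictedHardened(mountPath string) bool {
	if !filepath.IsAbs(mountPath) {
		return true
	}
	clean := filepath.Clean(mountPath)
	return underDir(clean, "/tekton") && !underDir(clean, "/tekton/home")
}

// Classify runs both checks over the given mount paths.
func Classify(paths []string) map[string]Verdict {
	out := make(map[string]Verdict, len(paths))
	for _, p := range paths {
		out[p] = Verdict{isRestrictedVulnerable(p), isRestrictedHardened(p)}
	}
	return out
}

func main() {
	// Constructed sample mount paths; the fourth is the advisory's example.
	samples := []string{"/workspace/data", "/tekton/home", "/tekton/results",
		"/tekton/home/../results", "/tekton/home/./../steps"}
	for p, v := range Classify(samples) {
		fmt.Printf("%-26s vulnerable=%-5v hardened=%v\n", p, v.VulnerableRejects, v.HardenedRejects)
	}
}
```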

Impact

An authenticated user with Task or TaskRun creation permissions can mount volumes over internal Tekton paths, potentially:

  • Writing fake task results that downstream pipelines trust
  • Reading or modifying step scripts before execution
  • Interfering with entrypoint coordination state

Patches

A patch is available at v1.11.1.

Workarounds

  • Use admission controllers (OPA/Gatekeeper, Kyverno) to validate that VolumeMount paths do not contain .. components.
  • In multi-tenant setups, restrict who can create Task and TaskRun resources via RBAC.

Affected Versions

All versions through v1.11.0 (both v1 and v1beta1 APIs).

Acknowledgments

This vulnerability was reported by @kodareef5.

Database specific
{
    "github_reviewed": true,
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed_at": "2026-04-21T20:26:41Z",
    "severity": "MODERATE"
}
Affected packages

Go / github.com/tektoncd/pipeline

Package

Name
github.com/tektoncd/pipeline
Purl
pkg:golang/github.com/tektoncd/pipeline

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.11.1

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-rx35-6rhx-7858/GHSA-rx35-6rhx-7858.json"
last_known_affected_version_range
"<= 1.11.0"