CVE-2026-28406
HIGH EPSS 42.3%
Published Feb 27, 2026 (4mo ago) · Modified Mar 6, 2026 (3mo ago)
8.2 CVSS 3.1
Description
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction.
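The pattern the description names, shown as an added example (not kaniko's code and not the fix from the referenced commit): `vulnerableJoin` reproduces `filepath.Join(dest, cleanedName)` with no containment check, and `safeJoin` adds the lexical check that rejects any entry resolving above `dest`. The destination path and the archive entry names are constructed for the example; `safeJoin` is a stand-in for the securejoin library used in 1.25.10, which additionally resolves symlinks inside `dest`, so this check alone is not equivalent to the upstream fix.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// ErrEscape is returned when an archive entry would resolve outside dest.
var ErrEscape = errors.New("tar entry escapes extraction root")

// vulnerableJoin mirrors the pattern named in the advisory: clean the entry
// name, then join it onto dest. Join also cleans, so "../outside.txt" simply
// climbs one level above dest and is returned as a valid-looking path.
func vulnerableJoin(dest, name string) string {
	return filepath.Join(dest, filepath.Clean(name))
}

// safeJoin joins name onto dest and refuses the result unless it is dest
// itself or a descendant of dest. This is a purely lexical check: it does not
// follow symlinks, which is the part securejoin adds on top.
func safeJoin(dest, name string) (string, error) {
	dest = filepath.Clean(dest)
	target := filepath.Join(dest, name)
	rel, err := filepath.Rel(dest, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q resolves to %q", ErrEscape, name, target)
	}
	return target, nil
}

// planExtraction walks a tar stream and returns the resolved target of every
// entry, rejecting the whole archive on the first entry that escapes dest.
// It writes nothing to disk, so it can run as a pre-flight check on a build
// context before any file is created.
func planExtraction(dest string, archive io.Reader) ([]string, error) {
	tr := tar.NewReader(archive)
	var targets []string
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return targets, nil
		}
		if err != nil {
			return nil, err
		}
		target, err := safeJoin(dest, hdr.Name)
		if err != nil {
			return nil, err
		}
		targets = append(targets, target)
	}
}

// buildSampleArchive constructs an in-memory tar (sample data for this
// example) with one regular file entry per name given.
func buildSampleArchive(names ...string) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, n := range names {
		body := []byte("x")
		_ = tw.WriteHeader(&tar.Header{Name: n, Mode: 0o644, Size: int64(len(body)), Typeflag: tar.TypeReg})
		_, _ = tw.Write(body)
	}
	_ = tw.Close()
	return buf.Bytes()
}

func main() {
	dest := "/tmp/kaniko-context" // constructed extraction root for the example
	for _, n := range []string{"ok/inside.txt", "../outside.txt"} {
		fmt.Printf("vulnerable: %-16s -> %s\n", n, vulnerableJoin(dest, n))
		if t, err := safeJoin(dest, n); err != nil {
			fmt.Printf("safe:       %-16s -> rejected: %v\n", n, err)
		} else {
			fmt.Printf("safe:       %-16s -> %s\n", n, t)
		}
	}
	archive := buildSampleArchive("ok/inside.txt", "../outside.txt")
	_, err := planExtraction(dest, bytes.NewReader(archive))
	fmt.Println("archive accepted:", err == nil)
}
```

Running it prints `/tmp/outside.txt` for the vulnerable join and a rejection for the safe one; the archive containing the escaping entry is refused as a whole, which is the behaviour to assert on in a regression test for an extractor. Note that a check which only inspects `hdr.Name` for a literal `..` prefix is weaker than `filepath.Rel` on the joined result, since names such as `a/../../b` pass the prefix test and still escape.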
CVSS Details
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability Low
Threat Intelligence
EPSS Exploit Probability
42.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| chainguard | kaniko | * | ≥1.25.4 – <1.25.10 |
References 3
- github.com https://github.com/chainguard-forks/kaniko/commit/a370e4b1f66e6e842b685c8f70ed507964c4b221
- github.com https://github.com/chainguard-forks/kaniko/pull/326
- github.com https://github.com/chainguard-forks/kaniko/security/advisories/GHSA-6rxq-q92g-4rmf
Remediation
- github.com https://github.com/chainguard-forks/kaniko/commit/a370e4b1f66e6e842b685c8f70ed507964c4b221
- github.com https://github.com/chainguard-forks/kaniko/pull/326
- github.com https://github.com/chainguard-forks/kaniko/security/advisories/GHSA-6rxq-q92g-4rmf