CVE-2026-24905 Overview
CVE-2026-24905 is a command injection vulnerability (CWE-77) affecting Inspektor Gadget, a popular framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The vulnerability exists in the ig image build functionality, specifically within the Makefile template used during the gadget image building process. User-controlled data from the YAML gadget manifest is embedded into Makefile commands without proper escaping, allowing attackers to inject and execute arbitrary commands.
Critical Impact
Attackers who can control values in the buildOptions structure can execute arbitrary commands on Linux hosts running the ig command with the --local flag, or within the build container when the flag is not used.
Affected Products
- Inspektor Gadget versions prior to 0.48.1
- Systems running ig image build with untrusted gadget manifests
- CI/CD pipelines that build untrusted gadgets for verification
Discovery Timeline
- 2026-01-29 - CVE CVE-2026-24905 published to NVD
- 2026-01-29 - Last updated in NVD database
Technical Details for CVE-2026-24905
Vulnerability Analysis
This vulnerability represents a classic command injection flaw in the build toolchain of Inspektor Gadget. The ig binary includes functionality for building custom gadget OCI images, implemented primarily in cmd/common/image/build.go. During this process, a Makefile.build template is populated with values from a user-supplied YAML manifest (build.yml). The critical flaw lies in how certain parameters from the buildOptions structure—specifically the CFlags field—were directly embedded into shell commands within the Makefile without adequate escaping or sanitization.
When the ig image build command processes a malicious build.yml file, an attacker-controlled cflags value would be interpolated directly into the compilation command. Since Makefiles execute shell commands, specially crafted values containing shell metacharacters could break out of the intended context and execute arbitrary commands.
Root Cause
The root cause of this vulnerability is improper input validation and unsafe handling of user-controlled data in shell command construction. The CFlags field from the YAML manifest was directly passed to the Makefile's $(CFLAGS) variable, which was then used in the compilation command without any escaping. This allowed shell command injection through the YAML configuration file.
The vulnerable code path accepted a cflags YAML field that was directly concatenated into the clang compilation command:
$(CLANG) $(BASECFLAGS) $(subst @ARCH@,$*,$(CFLAGS)) -D __TARGET_ARCH_...
Attack Vector
The attack requires local access and the ability to control the build.yml file passed to the ig image build command. This scenario is particularly relevant in CI/CD environments where automated pipelines may build untrusted gadget images for verification purposes. An attacker could submit a malicious gadget manifest containing shell metacharacters in the cflags field, which would be executed during the build process.
The impact varies based on the build configuration:
- With --local flag: Commands execute directly on the Linux host running ig
- Without --local flag: Commands execute within the build container invoked by ig
Patch Analysis (Go struct definition):
EBPFSource string `yaml:"ebpfsource"`
Wasm string `yaml:"wasm"`
Metadata string `yaml:"metadata"`
- CFlags string `yaml:"cflags"`
}
type cmdOpts struct {
Source: GitHub Commit Update
Patch Analysis (Makefile.build):
# Since Ubuntu does not install it in a standard path, add a compiler flag for
# it.
BASECFLAGS = -target bpf -Wall -g -O2 -I/usr/include/$(shell uname -m)-linux-gnu
-CFLAGS ?=
OUTPUTDIR ?= /tmp
EBPFSOURCE ?= program.bpf.c
-CARGOFLAGS ?=
+CARGOFLAGS =
+INCLUDEFLAGS =
FORCE_COLORS ?= false
+USE_IN_TREE_HEADERS ?= false
ifeq ($(FORCE_COLORS), true)
CARGOFLAGS += --color always
endif
+ifeq ($(USE_IN_TREE_HEADERS), true)
+ INCLUDEFLAGS += -I /work/include/ -I /work/include/gadget/@ARCH@/
+endif
+
ARCHS = amd64 arm64
TARGETS = $(foreach ARCH,$(ARCHS),$(OUTPUTDIR)/$(ARCH).bpf.o)
.PHONY: ebpf
ebpf: $(TARGETS)
$(OUTPUTDIR)/%.bpf.o: $(EBPFSOURCE)
- $(CLANG) $(BASECFLAGS) $(subst @ARCH@,$*,$(CFLAGS)) -D __TARGET_ARCH_$(subst amd64,x86,$*) \
+ $(CLANG) $(BASECFLAGS) $(subst @ARCH@,$*,$(INCLUDEFLAGS)) -D __TARGET_ARCH_$(subst amd64,x86,$*) \
-c $< -I /usr/include/gadget/$*/ -o $@
Source: GitHub Commit Update
Detection Methods for CVE-2026-24905
Indicators of Compromise
- Unusual build.yml files containing shell metacharacters (;, |, $(), backticks) in the cflags field
- Unexpected process spawning during ig image build operations
- Anomalous network connections or file system modifications during gadget build processes
- CI/CD build logs showing unexpected command execution outputs
Detection Strategies
- Monitor CI/CD pipelines for ig image build commands processing untrusted sources
- Implement file integrity monitoring on systems running Inspektor Gadget build operations
- Review gadget manifest files (build.yml) for suspicious content before building
- Enable command auditing on systems running the ig binary
Monitoring Recommendations
- Configure process execution monitoring on build hosts to detect command injection attempts
- Implement input validation checks on gadget manifests in CI/CD workflows
- Set up alerts for unusual child processes spawned by the ig binary
- Monitor container escape attempts when building gadgets without the --local flag
How to Mitigate CVE-2026-24905
Immediate Actions Required
- Upgrade Inspektor Gadget to version 0.48.1 or later immediately
- Audit all existing build.yml files for suspicious cflags values
- Review CI/CD pipeline configurations that build untrusted gadget images
- Implement strict input validation on gadget manifests before processing
Patch Information
The vulnerability is fixed in Inspektor Gadget version 0.48.1. The fix removes the ability to customize CFLAGS from the build.yaml configuration file entirely, eliminating the injection vector. The patch introduces a safer INCLUDEFLAGS variable that is controlled by a boolean flag (USE_IN_TREE_HEADERS) rather than accepting arbitrary user input.
For detailed patch information, see the GitHub Security Advisory GHSA-79qw-g77v-2vfh and the security commit.
Workarounds
- Avoid building gadget images from untrusted sources until patched
- Implement pre-build validation to reject manifests containing shell metacharacters
- Run build operations in isolated, disposable environments with restricted permissions
- Use network segmentation to limit the impact of potential command execution
# Upgrade Inspektor Gadget to patched version
# Using go install
go install github.com/inspektor-gadget/inspektor-gadget/cmd/ig@v0.48.1
# Verify installed version
ig version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
