CVE-2026-29064 Overview
CVE-2026-29064 is a path traversal vulnerability affecting Zarf, an airgap-native package manager for Kubernetes developed by LF Projects. The vulnerability exists in the archive extraction functionality, where a specially crafted Zarf package can create symlinks that point outside the intended destination directory. This allows attackers to achieve arbitrary file read or write operations on systems processing malicious packages.
Critical Impact
Attackers can craft malicious Zarf packages that exploit symlink handling during archive extraction to read sensitive files or write arbitrary content to the filesystem, potentially compromising airgapped Kubernetes environments.
Affected Products
- Zarf versions 0.54.0 to 0.73.0
- LF Projects Zarf package manager deployments
- Kubernetes environments using vulnerable Zarf versions for airgap package management
Discovery Timeline
- 2026-03-06 - CVE-2026-29064 published to NVD
- 2026-03-11 - Last updated in NVD database
Technical Details for CVE-2026-29064
Vulnerability Analysis
This path traversal vulnerability (CWE-22) affects the archive extraction mechanism within Zarf. The flaw occurs when processing Zarf packages, where symbolic links within the archive are not properly validated against directory traversal attempts. When a malicious package is processed, symlinks pointing to paths like ../../../etc/passwd or similar traversal patterns are followed without restriction, allowing access to files outside the intended extraction directory.
The vulnerability requires local access and user interaction to exploit, as victims must process a maliciously crafted Zarf package. However, once triggered, the impact is severe—attackers can achieve both high confidentiality and high integrity impacts by reading sensitive configuration files, credentials, or overwriting critical system files and Kubernetes configurations.
Root Cause
The root cause lies in insufficient validation of symlink targets during the archive extraction process. When Zarf extracts package contents, it fails to verify that symbolic links resolve to paths within the designated destination directory. This allows path traversal sequences (e.g., ../) embedded in symlink targets to escape the extraction boundary and reference arbitrary filesystem locations.
Attack Vector
The attack requires an adversary to craft a malicious Zarf package containing specially constructed symbolic links. When a victim processes this package—either during deployment to an airgapped Kubernetes cluster or during package inspection—the vulnerable extraction routine follows the symlinks beyond the intended directory boundary. This enables two primary attack scenarios:
Arbitrary File Read: Symlinks can point to sensitive files such as /etc/shadow, Kubernetes secrets, or application configuration files containing credentials. When the package processing logic reads through these symlinks, sensitive data is exposed.
Arbitrary File Write: By combining symlink creation with file extraction, attackers can overwrite critical files including systemd unit files, cron jobs, SSH authorized_keys, or Kubernetes manifests, potentially leading to further system compromise or denial of service.
The vulnerability description indicates that a specifically crafted package structure is required to exploit this flaw. For detailed technical information on the vulnerability mechanism and exploitation patterns, refer to the GitHub Security Advisory GHSA-hcm4-6hpj-vghm.
Detection Methods for CVE-2026-29064
Indicators of Compromise
- Presence of unexpected symbolic links in Zarf package extraction directories pointing to paths outside the destination
- Unusual file access patterns or modifications in system directories (e.g., /etc/, /root/, /var/) during Zarf package processing
- Log entries indicating file operations outside expected Zarf working directories
- Modified system files with timestamps correlating to Zarf package deployment activities
Detection Strategies
- Monitor file system operations during Zarf package processing for symlink creation with traversal patterns
- Implement file integrity monitoring (FIM) on critical system files and Kubernetes configuration directories
- Review Zarf deployment logs for anomalous extraction paths or error messages indicating path resolution issues
- Deploy endpoint detection capabilities to identify suspicious file read/write operations originating from Zarf processes
Monitoring Recommendations
- Enable detailed logging for all Zarf package operations, including extraction events
- Configure alerts for any symbolic link creation events within Zarf working directories
- Monitor for access to sensitive files (/etc/passwd, /etc/shadow, Kubernetes secrets) by Zarf-related processes
- Implement SentinelOne Singularity XDR for real-time detection of path traversal exploitation attempts
How to Mitigate CVE-2026-29064
Immediate Actions Required
- Upgrade Zarf to version 0.73.1 or later immediately
- Audit all recently processed Zarf packages for potential compromise indicators
- Review file system integrity on systems that processed untrusted Zarf packages
- Implement strict package validation policies requiring cryptographic verification of Zarf package sources
Patch Information
The vulnerability has been patched in Zarf version 0.73.1. Organizations should upgrade to this version or later to address the path traversal flaw. The fix implements proper symlink target validation during archive extraction, ensuring that symbolic links cannot reference paths outside the designated extraction directory.
Patch details and release notes are available at the GitHub Zarf Release v0.73.1 page. The security advisory with full technical details is published at the GitHub Security Advisory GHSA-hcm4-6hpj-vghm.
Workarounds
- Only process Zarf packages from trusted, verified sources until the patch is applied
- Implement filesystem isolation (containers, sandboxing) when processing untrusted packages
- Deploy Zarf package processing in environments with minimal filesystem access and restricted permissions
- Use read-only filesystem mounts for sensitive directories when running Zarf operations
# Verify current Zarf version
zarf version
# Upgrade Zarf to patched version
# Using go install
go install github.com/zarf-dev/zarf/cmd/zarf@v0.73.1
# Verify upgrade was successful
zarf version
# Expected output should show v0.73.1 or later
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
