CVE-2026-33211 Overview
CVE-2026-33211 is a critical path traversal vulnerability in Tekton Pipelines, a Kubernetes-native CI/CD framework maintained by the Linux Foundation. The vulnerability exists in the git resolver component and allows attackers to read arbitrary files from the resolver pod's filesystem by manipulating the pathInRepo parameter. This flaw enables tenants with permission to create ResolutionRequests (through TaskRuns or PipelineRuns) to access sensitive data including ServiceAccount tokens, with the exfiltrated file contents returned base64-encoded in the resolutionrequest.status.data field.
Critical Impact
Attackers can exploit this path traversal vulnerability to read sensitive files including Kubernetes ServiceAccount tokens from the resolver pod, potentially enabling lateral movement and privilege escalation within the cluster.
Affected Products
- Tekton Pipelines versions 1.0.x prior to 1.0.1 (i.e. 1.0.0)
- Tekton Pipelines versions 1.3.x prior to 1.3.3
- Tekton Pipelines versions 1.6.x prior to 1.6.1
- Tekton Pipelines versions 1.9.x prior to 1.9.2
- Tekton Pipelines versions 1.10.x prior to 1.10.2
Discovery Timeline
- 2026-03-24 - CVE-2026-33211 published to NVD
- 2026-03-26 - Last updated in NVD database
Technical Details for CVE-2026-33211
Vulnerability Analysis
The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as path traversal or directory traversal. The git resolver in Tekton Pipelines fails to properly sanitize the pathInRepo parameter before using it to construct file paths. This allows an attacker to use directory traversal sequences (such as ../) to escape the intended repository directory and access arbitrary files on the resolver pod's filesystem.
When a tenant creates a ResolutionRequest through mechanisms like TaskRuns or PipelineRuns, the git resolver processes the request and reads the specified file path. Without proper input validation, malicious path components can traverse outside the repository context. The file contents are then returned base64-encoded in the resolutionrequest.status.data field, providing a direct data exfiltration channel.
The scope of this vulnerability extends beyond the vulnerable component itself, as successful exploitation can lead to disclosure of ServiceAccount tokens mounted within the resolver pod, which could then be used to authenticate to the Kubernetes API and perform unauthorized actions.
Root Cause
The root cause is insufficient input validation in the git resolver's handling of the pathInRepo parameter. The component fails to properly sanitize or restrict directory traversal sequences, allowing path manipulation that escapes the intended repository boundary. This is a classic path traversal flaw where user-controlled input is used directly in file path construction without adequate validation.
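To make the root cause concrete, the following added example (written for this page, not Tekton's own code) puts the CWE-22 pattern beside a hardened version. naiveJoin splices the caller-supplied pathInRepo straight into a filesystem path, which is the shape of flaw described above; resolvePathInRepo is a hypothetical helper that anchors the value under the checked-out repository root and refuses any result that lands outside it. The repository root path and the sample pathInRepo values are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrPathEscapesRepo is returned when a pathInRepo value would resolve
// outside the checked-out repository.
var ErrPathEscapesRepo = errors.New("pathInRepo escapes the repository root")

// naiveJoin shows the CWE-22 pattern the advisory describes: caller input is
// spliced into a filesystem path with no check that the result stays under
// the repository root. filepath.Join cleans the path, so "../.." segments
// silently climb above repoRoot.
func naiveJoin(repoRoot, pathInRepo string) string {
	return filepath.Join(repoRoot, pathInRepo)
}

// resolvePathInRepo is a hypothetical hardened helper (not Tekton's code).
// It anchors pathInRepo under repoRoot and rejects any value whose
// normalised form is not inside the root.
func resolvePathInRepo(repoRoot, pathInRepo string) (string, error) {
	if pathInRepo == "" {
		return "", errors.New("pathInRepo must not be empty")
	}
	// pathInRepo is repository-relative by definition; an absolute value is
	// never legitimate, so reject it before Join can re-anchor it.
	if filepath.IsAbs(pathInRepo) {
		return "", fmt.Errorf("%w: absolute path %q", ErrPathEscapesRepo, pathInRepo)
	}
	root := filepath.Clean(repoRoot)
	full := filepath.Join(root, pathInRepo) // Join also Cleans the result

	// Decide by the relationship between the two cleaned paths, not by a raw
	// string prefix: strings.HasPrefix(full, root) would wrongly accept
	// "/workspace/repo-evil/x" as being inside "/workspace/repo".
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrPathEscapesRepo, pathInRepo)
	}
	// This is a lexical check only. A repository can contain a symlink that
	// points outside the checkout, so a production resolver should also
	// filepath.EvalSymlinks the opened path and re-run the same containment
	// test on the result.
	return full, nil
}

func main() {
	const root = "/workspace/repo" // constructed checkout location
	for _, p := range []string{"tasks/build.yaml", "./tasks/../tasks/test.yaml", "../../etc/passwd", "/etc/passwd"} {
		safe, err := resolvePathInRepo(root, p)
		fmt.Printf("%-30q naive=%-34q hardened=%q err=%v\n", p, naiveJoin(root, p), safe, err)
	}
}
```

The decisive difference is that the hardened helper tests the cleaned result against the root with filepath.Rel rather than trusting the input, so "a/../b" is still allowed (it stays in the repo) while any sequence that climbs above the root is rejected regardless of how it is spelled.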
Attack Vector
The attack is network-accessible and requires only low privileges: specifically, permission to create ResolutionRequests either directly or through TaskRuns/PipelineRuns that leverage the git resolver. The attacker crafts a malicious pathInRepo value containing directory traversal sequences (e.g., ../../../../etc/passwd or ../../../var/run/secrets/kubernetes.io/serviceaccount/token) to read files outside the intended repository directory.
The vulnerability requires no user interaction and can be exploited by any tenant with the requisite permissions, making it particularly dangerous in multi-tenant Kubernetes environments where Tekton Pipelines is deployed as a shared CI/CD platform.
Detection Methods for CVE-2026-33211
Indicators of Compromise
- Unusual ResolutionRequest objects with pathInRepo values containing ../ sequences or absolute paths
- Base64-encoded data in resolutionrequest.status.data that decodes to sensitive system files or credentials
- Anomalous read access patterns to files like /etc/passwd, /proc/self/environ, or ServiceAccount token paths within resolver pods
- Kubernetes audit logs showing unexpected file access patterns from git resolver workloads
Detection Strategies
- Implement Kubernetes admission controllers (e.g., OPA Gatekeeper, Kyverno) to validate and reject ResolutionRequest resources with suspicious pathInRepo patterns
- Enable and monitor Kubernetes audit logging for all ResolutionRequest create/update operations
- Deploy runtime security tools to detect anomalous file access within resolver pod containers
- Configure SIEM rules to alert on base64-encoded sensitive file patterns in API response data
Monitoring Recommendations
- Monitor for ResolutionRequest objects with pathInRepo values exceeding expected path depth or containing traversal sequences
- Set up alerts for resolver pods accessing files outside of expected repository mount paths
- Review Tekton Pipelines controller logs for resolution errors or unusual file access patterns
- Implement continuous security scanning of running Tekton deployments to identify vulnerable versions
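The indicators and monitoring points above translate into a small inspection routine. The added example below (written for this page, not Tekton's or any vendor's code) checks a ResolutionRequest for the two signals named above: a pathInRepo parameter that is absolute, contains a ".." segment or exceeds an expected depth, and a status.data field that decodes to credential-like content (a JWT-shaped ServiceAccount token or passwd-style lines). The object shape assumed is resolution.tekton.dev/v1beta1 with spec.params as name/value pairs and status.data as a base64 string, as the advisory describes; the two sample objects, the depth limit of 8 and the fake token are constructed. The same pathInRepo check is what a Kyverno or Gatekeeper policy, or a validating webhook, would enforce at admission time.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Minimal view of a ResolutionRequest: only the fields the checks need.
type param struct {
	Name  string          `json:"name"`
	Value json.RawMessage `json:"value"` // a Tekton ParamValue may be a string or an object
}
type resolutionRequest struct {
	Metadata struct {
		Name      string `json:"name"`
		Namespace string `json:"namespace"`
	} `json:"metadata"`
	Spec struct{ Params []param `json:"params"` } `json:"spec"`
	Status struct{ Data string `json:"data"` } `json:"status"`
}

type finding struct{ Object, Reason string }

const maxPathDepth = 8 // assumed limit; tune to the deepest legitimate path in your repos

var (
	jwtLike    = regexp.MustCompile(`^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+`)
	passwdLike = regexp.MustCompile(`(?m)^root:x?:0:0:`)
)

// paramString returns the value of a string-typed param, or the raw JSON otherwise.
func paramString(p param) string {
	var s string
	if json.Unmarshal(p.Value, &s) == nil {
		return s
	}
	return string(p.Value)
}

// inspectPathInRepo reports the traversal indicators present in one pathInRepo value.
func inspectPathInRepo(v string) []string {
	var reasons []string
	if strings.HasPrefix(v, "/") {
		reasons = append(reasons, "absolute pathInRepo")
	}
	segs := strings.Split(v, "/")
	for _, s := range segs {
		if s == ".." {
			reasons = append(reasons, "pathInRepo contains a '..' segment")
			break
		}
	}
	if len(segs) > maxPathDepth {
		reasons = append(reasons, fmt.Sprintf("pathInRepo depth %d exceeds %d", len(segs), maxPathDepth))
	}
	return reasons
}

// inspectStatusData decodes status.data and reports credential-like content.
func inspectStatusData(b64 string) []string {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if b64 == "" || err != nil {
		return nil // nothing resolved yet, or not the base64 payload the resolver emits
	}
	var reasons []string
	if jwtLike.Match(raw) {
		reasons = append(reasons, "status.data decodes to a JWT-like token")
	}
	if passwdLike.Match(raw) {
		reasons = append(reasons, "status.data decodes to passwd-style content")
	}
	return reasons
}

// inspectResolutionRequest runs both checks over one JSON-encoded object.
func inspectResolutionRequest(doc []byte) ([]finding, error) {
	var rr resolutionRequest
	if err := json.Unmarshal(doc, &rr); err != nil {
		return nil, err
	}
	obj := rr.Metadata.Namespace + "/" + rr.Metadata.Name
	var out []finding
	for _, p := range rr.Spec.Params {
		if p.Name != "pathInRepo" {
			continue
		}
		for _, r := range inspectPathInRepo(paramString(p)) {
			out = append(out, finding{obj, r})
		}
	}
	for _, r := range inspectStatusData(rr.Status.Data) {
		out = append(out, finding{obj, r})
	}
	return out, nil
}

// sampleRR builds a constructed ResolutionRequest for the demonstration.
func sampleRR(name, pathInRepo, plaintext string) string {
	b, _ := json.Marshal(map[string]any{
		"apiVersion": "resolution.tekton.dev/v1beta1", "kind": "ResolutionRequest",
		"metadata": map[string]any{"name": name, "namespace": "tenant-a"},
		"spec": map[string]any{"params": []map[string]any{
			{"name": "url", "value": "https://example.invalid/repo.git"},
			{"name": "revision", "value": "main"},
			{"name": "pathInRepo", "value": pathInRepo},
		}},
		"status": map[string]any{"data": base64.StdEncoding.EncodeToString([]byte(plaintext))},
	})
	return string(b)
}

var (
	benignRR     = sampleRR("git-abc123", "tasks/build.yaml", "apiVersion: tekton.dev/v1\nkind: Task\n")
	suspiciousRR = sampleRR("git-def456", "../../../var/run/secrets/kubernetes.io/serviceaccount/token",
		"eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjb25zdHJ1Y3RlZCJ9.c2lnbmF0dXJl") // constructed, not a real token
)

func main() {
	for _, doc := range []string{benignRR, suspiciousRR} {
		findings, err := inspectResolutionRequest([]byte(doc))
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		for _, f := range findings {
			fmt.Printf("%s: %s\n", f.Object, f.Reason)
		}
	}
}
```

In practice the input would come from `kubectl get resolutionrequests -A -o json` or from the audit log entries for ResolutionRequest create/update events; the status.data check is the one that matters after the fact, because it catches a traversal that has already succeeded even when the pathInRepo value was later edited or the object deleted and recreated.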
How to Mitigate CVE-2026-33211
Immediate Actions Required
- Upgrade Tekton Pipelines to a patched version immediately: 1.0.1, 1.3.3, 1.6.1, 1.9.2, or 1.10.2 depending on your current version branch
- Audit existing ResolutionRequest resources and Tekton Pipeline/Task definitions for potentially malicious pathInRepo values
- Review Kubernetes RBAC configurations to ensure only trusted principals can create ResolutionRequests, TaskRuns, and PipelineRuns
- Rotate any ServiceAccount tokens that may have been exposed if exploitation is suspected
Patch Information
Security patches have been released across multiple version branches. Affected users should upgrade to one of the following versions:
- Version 1.0.1 for users on the 1.0.x branch - Security patch commit
- Version 1.3.3 for users on the 1.3.x branch
- Version 1.6.1 for users on the 1.6.x branch
- Version 1.9.2 for users on the 1.9.x branch
- Version 1.10.2 for users on the 1.10.x branch
For complete patch details and security advisory information, refer to the GitHub Security Advisory GHSA-j5q5-j9gm-2w5c.
Workarounds
- Restrict RBAC permissions for creating ResolutionRequests, TaskRuns, and PipelineRuns to highly trusted users and service accounts only
- Deploy Kubernetes admission controllers with policies to reject pathInRepo values containing ../ or other path traversal patterns
- Consider disabling or removing the git resolver from Tekton Pipelines deployments if it is not required for your workflows
- Implement network policies to limit resolver pod egress and reduce the impact of potential credential theft
# Example: Verify Tekton Pipelines version
kubectl get deploy tekton-pipelines-controller -n tekton-pipelines -o jsonpath='{.spec.template.spec.containers[0].image}'
# Upgrade Tekton Pipelines to patched version (example using kubectl)
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.10.2/release.yaml
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.