CVE-2026-40090 Overview
CVE-2026-40090 is a Path Traversal vulnerability affecting Zarf, an Airgap Native Packager Manager for Kubernetes. The vulnerability exists in the zarf package inspect sbom and zarf package inspect documentation subcommands, where output file paths are constructed by joining a user-controlled output directory with the package's Metadata.Name field. This field is read directly from an untrusted package's zarf.yaml manifest without proper sanitization, allowing attackers to write arbitrary files to the filesystem.
Critical Impact
Attackers can achieve arbitrary file write to sensitive locations such as SSH authorized_keys or cron directories, potentially leading to remote code execution or persistent backdoor access on systems running vulnerable Zarf versions.
Affected Products
- Zarf versions 0.23.0 through 0.74.1
Discovery Timeline
- 2026-04-15 - CVE-2026-40090 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2026-40090
Vulnerability Analysis
This vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as Path Traversal. The flaw stems from insufficient validation of the Metadata.Name field when constructing output paths during the SBOM and documentation inspection operations.
While Zarf validates Metadata.Name against a regex during package creation, this validation is bypassed when an attacker manually unarchives an existing package and modifies the zarf.yaml manifest. The modified package can then be redistributed to unsuspecting users who trust the package format.
When a victim runs inspection commands on the malicious package, the crafted Metadata.Name containing path traversal sequences is used directly in file path construction, allowing files to be written outside the intended output directory.
Root Cause
The root cause is the implicit trust placed in package metadata read from zarf.yaml during inspection operations. Although input validation exists at package creation time, the inspection workflow assumes packages have not been tampered with after creation. The output path construction uses simple string concatenation or path joining without sanitizing or validating the Metadata.Name field against directory traversal sequences.
Attack Vector
The attack requires user interaction: a victim must download a maliciously crafted Zarf package and run inspection commands against it. An attacker prepares the exploit by:
- Creating or obtaining a legitimate Zarf package
- Unarchiving the package to access the zarf.yaml manifest
- Modifying Metadata.Name to include path traversal sequences such as ../../etc/cron.d/malicious or absolute paths like /home/user/.ssh/authorized_keys
- Including corresponding malicious files inside SBOMS.tar with matching names
- Re-archiving the package and distributing it to potential victims
When the victim inspects the package using zarf package inspect sbom or zarf package inspect documentation, the attacker-controlled content is written to arbitrary filesystem locations within the permissions of the user running the command.
Detection Methods for CVE-2026-40090
Indicators of Compromise
- Unexpected file modifications in sensitive directories such as /etc/cron.d/, /home/*/.ssh/, or system configuration paths
- Zarf packages with Metadata.Name fields containing ../ sequences or absolute paths starting with /
- Unusual entries in SBOMS.tar archives within Zarf packages that reference paths outside expected directories
Detection Strategies
- Implement file integrity monitoring on critical system directories to detect unauthorized file writes
- Audit Zarf package contents before inspection, specifically examining zarf.yaml for suspicious Metadata.Name values
- Monitor process execution logs for zarf package inspect commands followed by unexpected file system activity
- Use endpoint detection solutions to identify path traversal patterns in command-line arguments and file operations
Monitoring Recommendations
- Enable detailed logging for Zarf CLI operations to track package inspection activities
- Configure alerts for file write operations in sensitive directories when preceded by Zarf process execution
- Implement sandbox environments for inspecting untrusted Zarf packages before deployment
How to Mitigate CVE-2026-40090
Immediate Actions Required
- Upgrade Zarf to version 0.74.2 or later immediately to address this vulnerability
- Audit any Zarf packages received from untrusted sources before inspection
- Review system logs for signs of exploitation, particularly unauthorized file writes in sensitive directories
- Restrict Zarf CLI usage to dedicated service accounts with minimal filesystem permissions
Patch Information
The vulnerability has been fixed in Zarf version 0.74.2. The fix implements proper path sanitization to prevent traversal sequences from escaping the intended output directory. For detailed patch information, see the GitHub Pull Request 4793 and the GitHub Security Advisory GHSA-pj97-4p9w-gx3q.
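The path-construction defect described under Root Cause, and the kind of sanitization the fix applies, reduced to a minimal Go illustration. This is an added example, not Zarf's own code or the actual patch: the vulnerable function assumes the output path was built with filepath.Join on the unvalidated Metadata.Name, and the hardened function shows one way to reject the two name shapes the advisory lists (traversal sequences and absolute paths) before anything is written.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// vulnerableOutputPath reproduces the unsafe pattern in simplified form
// (assumption: outDir joined with Metadata.Name, no validation). filepath.Join
// resolves ".." segments, so a crafted name walks straight out of outDir.
func vulnerableOutputPath(outDir, name string) string {
	return filepath.Join(outDir, name)
}

var errUnsafeName = errors.New("unsafe Metadata.Name")

// validateName enforces the shape a package name should have on the way into
// a path: a single component, no separators, not "..", not absolute. The same
// check is usable as a pre-inspection audit of an untrusted zarf.yaml.
func validateName(name string) error {
	if name == "" || name == "." || name == ".." {
		return errUnsafeName
	}
	if filepath.IsAbs(name) || strings.ContainsAny(name, `/\`) {
		return errUnsafeName
	}
	return nil
}

// safeOutputPath validates the name, joins it, and then confirms the result
// still lies beneath outDir; the second check guards against any future
// widening of validateName.
func safeOutputPath(outDir, name string) (string, error) {
	if err := validateName(name); err != nil {
		return "", err
	}
	base, err := filepath.Abs(outDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(base, name)
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errUnsafeName
	}
	return target, nil
}

func main() {
	// Constructed sample names: the traversal and absolute shapes from the advisory, plus a benign one.
	for _, n := range []string{"../../etc/cron.d/malicious", "/home/user/.ssh/authorized_keys", "my-package"} {
		p, err := safeOutputPath("/tmp/out", n)
		fmt.Printf("name=%q vulnerable=%q hardened=%q err=%v\n", n, vulnerableOutputPath("/tmp/out", n), p, err)
	}
}
```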
Workarounds
- Run Zarf inspection commands in isolated container environments or virtual machines to limit the impact of potential file writes
- Manually verify zarf.yaml contents of packages before running inspection commands, checking for path traversal sequences in Metadata.Name
- Use dedicated low-privilege user accounts for Zarf operations to minimize the impact of arbitrary file writes
- Implement strict network policies to prevent download of packages from untrusted sources
# Example: Run Zarf inspection in an isolated container
docker run --rm -v /path/to/package:/package:ro zarf:0.74.2 package inspect sbom /package/suspicious-package.tar.zst
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.