CVE-2026-40938 Overview
CVE-2026-40938 is a command injection vulnerability in Tekton Pipelines, a Kubernetes-native CI/CD framework. The flaw is in the git resolver component, which passes the revision parameter directly as a positional argument to git fetch without checking that it does not begin with a - character. An attacker can therefore inject arbitrary git fetch flags; combined with the resolver's acceptance of local filesystem paths as repository URLs, this enables arbitrary code execution on the resolver pod, which has access to cluster-wide secrets.
Critical Impact
A tenant with the ability to submit ResolutionRequest objects can achieve arbitrary code execution on the resolver pod and exfiltrate all cluster-wide secrets due to the tekton-pipelines-resolvers ServiceAccount's broad permissions.
Affected Products
- Tekton Pipelines versions 1.0.0 to 1.10.x
- Tekton Pipelines git resolver component
- Kubernetes clusters running affected Tekton Pipelines versions
Discovery Timeline
- 2026-04-21 - CVE-2026-40938 published to NVD
- 2026-04-22 - Last updated in NVD database
Technical Details for CVE-2026-40938
Vulnerability Analysis
This vulnerability falls under CWE-88 (Improper Neutralization of Argument Delimiters in a Command). The git resolver in Tekton Pipelines does not sanitize the revision parameter before passing it to the underlying git fetch command. Because git's command-line parser accepts options and positional arguments in any order, an attacker-controlled revision value beginning with - is interpreted as an option rather than as a branch or commit reference.
The attack chain requires two conditions working together: first, the ability to inject arbitrary flags via the unsanitized revision parameter, and second, the validateRepoURL function's explicit allowance of URLs beginning with / (local filesystem paths). Combining the two, an attacker can craft a malicious ResolutionRequest that executes an arbitrary binary through an injected --upload-pack=<binary> flag.
The impact is amplified by the elevated privileges of the tekton-pipelines-resolvers ServiceAccount, which holds cluster-wide get/list/watch permissions on all Secrets. Successful exploitation grants attackers the ability to exfiltrate sensitive credentials, API keys, and other secrets across the entire Kubernetes cluster.
Root Cause
The root cause is insufficient input validation in the git resolver's handling of the revision parameter. The parameter value is placed on the git fetch command line without checking for a leading dash that would cause git to interpret it as an option. This is an argument injection vulnerability: user-controlled input crosses a trust boundary into a command-line argument context.
Attack Vector
The attack requires network access and low privileges (the ability to submit ResolutionRequest objects to the cluster). An attacker crafts a malicious ResolutionRequest with a revision parameter containing injected git flags such as --upload-pack=/path/to/malicious/binary. By specifying a local filesystem path as the repository URL (permitted by the validateRepoURL function), the attacker forces the git resolver to execute the specified binary during the fetch operation. This provides initial code execution, which can then be leveraged to access secrets via the ServiceAccount's elevated permissions.
The mechanism is flag injection through git fetch's argument parsing: when the revision parameter begins with a dash, git treats it as an option rather than as a revision reference. The --upload-pack flag names the program git runs to serve the fetch, and with a local-path repository that program runs on the resolver pod itself. See the GitHub Security Advisory GHSA-94jr-7pqp-xhcq for technical details.
Detection Methods for CVE-2026-40938
Indicators of Compromise
- ResolutionRequest objects with revision parameters beginning with - character
- Unusual process execution from the tekton-pipelines-resolvers pod
- Unexpected secret access patterns from the tekton-pipelines-resolvers ServiceAccount
- Git fetch operations with suspicious flags such as --upload-pack
Detection Strategies
- Monitor Kubernetes audit logs for ResolutionRequest creation events with suspicious revision values
- Implement admission controllers to validate and reject ResolutionRequest objects with revision parameters starting with -
- Deploy runtime security monitoring to detect unexpected binary execution within resolver pods
- Enable and analyze git command execution logs for flag injection patterns
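As an added example (not part of this advisory or of Tekton), the audit-log check behind the first two strategies above, in Go: it scans newline-delimited Kubernetes audit events for ResolutionRequest creates whose revision parameter begins with a dash. The event shape, the ScanAuditLog and Finding names and the sample log lines are constructed for this example, and it assumes the audit policy records request bodies for resolutionrequests.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strings"
)

// auditEvent is the subset of a Kubernetes audit event this check reads (json keys match case-insensitively).
// requestObject is only recorded at audit level Request or RequestResponse, so the policy must capture bodies.
type auditEvent struct {
	Verb          string
	User          struct{ Username string }
	ObjectRef     struct{ Resource, Namespace, Name string }
	RequestObject struct {
		Spec struct {
			Params []struct {
				Name  string
				Value json.RawMessage // Tekton params may be a string or an array
			}
		}
	}
}
type Finding struct{ User, Namespace, Name, Revision string } // one suspicious create

// ScanAuditLog reads newline-delimited audit events and reports every
// ResolutionRequest create whose "revision" param begins with "-".
func ScanAuditLog(log string) (out []Finding) {
	sc := bufio.NewScanner(strings.NewReader(log))
	sc.Buffer(make([]byte, 0, 1<<20), 1<<20) // audit lines can exceed the 64 KiB default
	for sc.Scan() {
		var ev auditEvent
		if json.Unmarshal(sc.Bytes(), &ev) != nil || ev.Verb != "create" || ev.ObjectRef.Resource != "resolutionrequests" {
			continue // malformed line or not a ResolutionRequest create
		}
		for _, p := range ev.RequestObject.Spec.Params {
			var v string // array-valued params fail to decode as string and are ignored
			if p.Name == "revision" && json.Unmarshal(p.Value, &v) == nil && strings.HasPrefix(v, "-") {
				out = append(out, Finding{ev.User.Username, ev.ObjectRef.Namespace, ev.ObjectRef.Name, v})
			}
		}
	}
	return out
}

// Constructed sample: one benign create and one carrying a flag-shaped revision.
const sampleLog = `{"verb":"create","user":{"username":"ci-bot"},"objectRef":{"resource":"resolutionrequests","namespace":"team-a","name":"rr-1"},"requestObject":{"spec":{"params":[{"name":"url","value":"https://github.com/example/repo.git"},{"name":"revision","value":"main"}]}}}
{"verb":"create","user":{"username":"tenant-x"},"objectRef":{"resource":"resolutionrequests","namespace":"team-b","name":"rr-2"},"requestObject":{"spec":{"params":[{"name":"url","value":"/tmp/repo"},{"name":"revision","value":"--upload-pack=/path/to/malicious/binary"}]}}}`
func main() { fmt.Printf("%+v\n", ScanAuditLog(sampleLog)) }
```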
Monitoring Recommendations
- Configure alerting on abnormal secret access patterns from CI/CD service accounts
- Establish baseline behavior for tekton-pipelines-resolvers pod and alert on deviations
- Monitor network egress from resolver pods for potential data exfiltration
- Review Kubernetes RBAC audit logs for privilege escalation attempts
How to Mitigate CVE-2026-40938
Immediate Actions Required
- Upgrade Tekton Pipelines to version 1.11.1 or later immediately
- Audit existing ResolutionRequest objects for suspicious revision parameter values
- Review cluster secrets for potential compromise if exploitation is suspected
- Restrict permissions on who can create ResolutionRequest objects using RBAC policies
Patch Information
The vulnerability is fixed in Tekton Pipelines version 1.11.1. The patch adds validation so that the revision parameter cannot begin with a dash character, which prevents the flag injection. Organizations should upgrade to the fixed version as soon as possible. The release is available as GitHub Release v1.11.1.
Workarounds
- Implement Kubernetes admission webhooks to validate and reject ResolutionRequest objects with revision parameters starting with -
- Use network policies to restrict resolver pod egress as a defense-in-depth measure
- Consider reducing the permissions of the tekton-pipelines-resolvers ServiceAccount if cluster-wide secret access is not required
- Temporarily disable the git resolver if it is not actively used until patching is complete
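The check that the admission-webhook workaround above and the detection strategy of rejecting dash-prefixed revisions both rely on, written here as an added Go example (not Tekton's own code): ValidateRevision, ValidateRepoURL and FetchArgs are hypothetical names, and rejecting local-path repository URLs plus terminating option parsing with -- go beyond the 1.11.1 patch as optional hardening.

```go
package main

import (
	"fmt"
	"strings"
)

// ValidateRevision rejects values git would parse as an option: the class of
// check the 1.11.1 patch adds (the function name is this example's own).
func ValidateRevision(rev string) error {
	if strings.HasPrefix(rev, "-") {
		return fmt.Errorf("revision %q must not begin with '-'", rev)
	}
	return nil
}

// ValidateRepoURL is optional hardening beyond the patch: accept only remote
// transports, so the URL can never name a path on the pod's filesystem.
func ValidateRepoURL(u string) error {
	if strings.HasPrefix(u, "https://") || strings.HasPrefix(u, "ssh://") || strings.HasPrefix(u, "git@") {
		return nil
	}
	return fmt.Errorf("repository URL %q must use https://, ssh:// or git@", u)
}

// FetchArgs builds argv for git fetch. "--" ends option parsing, so a value
// that slipped past validation would still be treated as an operand.
func FetchArgs(repoURL, rev string) ([]string, error) {
	if err := ValidateRepoURL(repoURL); err != nil {
		return nil, err
	}
	if err := ValidateRevision(rev); err != nil {
		return nil, err
	}
	args := []string{"fetch", "--depth=1", "--", repoURL}
	if rev != "" { // empty revision means the remote's default branch
		args = append(args, rev)
	}
	return args, nil
}

func main() {
	for _, c := range [][2]string{
		{"https://github.com/example/repo.git", "main"},
		{"https://github.com/example/repo.git", "--upload-pack=/path/to/malicious/binary"},
		{"/srv/local-repo", "main"},
	} {
		fmt.Println(FetchArgs(c[0], c[1]))
	}
}
```

The same two validation functions can back a ValidatingAdmissionWebhook for resolutionrequests so that offending objects are rejected before the resolver ever runs git.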
# Upgrade Tekton Pipelines to patched version
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/v1.11.1/release.yaml
# Verify the updated version is deployed
kubectl get deployment tekton-pipelines-controller -n tekton-pipelines -o jsonpath='{.spec.template.spec.containers[0].image}'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

