CVE ID:
- CVE-2026-24905

Affected Versions:
- <=v0.48.0

Patched Versions:
- v0.48.1

Severity:
- Moderate

Weaknesses:
- CWE-77
- CWE-78

Impact:
- An attacker able to exploit this vulnerability would be able to execute arbitrary commands on the Linux host where the command is launched or on the build container if the flag is not provided.

Attack Complexity:
- The structure is extracted from the YAML passed to the command. The attacker would need to control either the full file or one of its options, typically in a CI/CD scenario.

Suggested Remediation:
- Sanitize build options by providing a robust whitelist.
- Revisit the design of image building to prevent shell substitution.
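
One way to apply both remediation points, as an added example that is not the affected project's code: build options taken from parsed YAML are checked against an allowlist of keys and value patterns, then turned into an argument vector so that no shell string is ever formed. The option names (`cflags`, `output`), the `ALLOWED` table and the `builder` command name are hypothetical.

```python
import re

# Hypothetical allowlist: option name -> pattern the whole value must match.
# Neither the names nor the patterns come from the affected project.
_FLAG = r"-[A-Za-z][A-Za-z0-9_=.,/-]*"
ALLOWED = {
    "cflags": re.compile(rf"{_FLAG}(?: {_FLAG})*"),       # space-separated flags
    "output": re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*"),  # bare file name only
}

# Constructed sample inputs, shaped like options after YAML parsing.
GOOD = {"cflags": "-O2 -DDEBUG=1", "output": "prog.o"}
BAD = {"cflags": "-O2 $(id)"}  # shell substitution syntax must be rejected


class RejectedOption(ValueError):
    """Raised when an option name or value is outside the allowlist."""


def validate_options(opts):
    """Return a checked copy of opts, or raise RejectedOption."""
    clean = {}
    for key, value in opts.items():
        pattern = ALLOWED.get(key)
        if pattern is None:
            raise RejectedOption(f"unknown build option: {key!r}")
        # fullmatch: the entire value must fit, not just a prefix.
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise RejectedOption(f"illegal value for {key!r}")
        clean[key] = value
    return clean


def build_argv(opts):
    """Build an argument list for subprocess.run(argv), which uses no shell."""
    clean = validate_options(opts)
    argv = ["builder"]  # hypothetical build tool name
    argv += clean.get("cflags", "").split()
    if "output" in clean:
        argv += ["-o", clean["output"]]
    return argv


if __name__ == "__main__":
    print(build_argv(GOOD))
```

Validation rejects instead of escaping, and the `output` pattern also refuses a leading `-`, so a value cannot be reinterpreted as an extra flag by the tool that receives it.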