Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

tektoncd — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting tektoncd. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TektonCD serves as a cloud-native CI/CD framework for Kubernetes, automating application delivery pipelines. Historically, vulnerabilities have included remote code execution (RCE) through insecure pipeline configurations, cross-site scripting (XSS) in web UI components, and privilege escalation flaws in task permissions. Security characteristics include its declarative YAML-based pipeline definitions, though misconfigurations remain a common risk vector. While no major public security incidents have been widely reported, the 8 recorded CVEs highlight potential risks in container image handling, service account permissions, and webhook validation, emphasizing the need for strict input sanitization and least-privilege implementations in production environments.

Top products by tektoncd: pipeline
CVE IDTitleCVSSSeverityPublished
CVE-2026-40923 Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check — pipelineCWE-22 5.4 Medium2026-04-21
CVE-2026-40924 Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion — pipelineCWE-400 6.5 Medium2026-04-21
CVE-2026-40938 Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE — pipelineCWE-88 7.5 High2026-04-21
CVE-2026-40161 Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL — pipelineCWE-201 7.7 High2026-04-21
CVE-2026-25542 Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching — pipelineCWE-185 6.5 Medium2026-04-21
CVE-2026-33211 Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod — pipelineCWE-22 9.6 Critical2026-03-23
CVE-2026-33022 Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun — pipelineCWE-129 6.5 Medium2026-03-20
CVE-2023-37264 Pipelines do not validate child UIDs — pipelineCWE-345 3.7 Low2023-07-07

This page lists every published CVE security advisory associated with tektoncd. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.