Cyber Resilience

CVE-2026-29064

High · Public PoC

Published: 06 March 2026
Modified: 11 March 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: available (fixed in 0.73.1)
CVSS Score (v3.1): 8.2 · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS Score: 0.0022 (12.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-29064 is a high-severity Path Traversal (CWE-22) vulnerability in Lfprojects Zarf. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 12.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-29064 is a path traversal vulnerability (CWE-22) in Zarf, an air-gapped native package manager for Kubernetes. The issue affects versions from 0.54.0 up to but not including 0.73.1, where archive extraction mishandles symlinks in a specifically crafted Zarf package. This allows symlinks to point outside the destination directory, enabling arbitrary file reads or writes on the host system processing the package. The vulnerability carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N).

Exploitation requires local access to the system and user interaction, as an attacker must convince a user to process a malicious Zarf package with no privileges needed on the attacker's part. Upon extraction, the symlink traversal grants high-impact confidentiality and integrity violations, allowing arbitrary file read or write operations across the system, which could lead to data exfiltration, modification of critical files, or further privilege escalation in air-gapped Kubernetes environments.

The vulnerability has been patched in Zarf version 0.73.1. Administrators should immediately upgrade affected installations to this version or later to mitigate the issue. Additional details are available in the GitHub release notes at https://github.com/zarf-dev/zarf/releases/tag/v0.73.1 and the security advisory at https://github.com/zarf-dev/zarf/security/advisories/GHSA-hcm4-6hpj-vghm.

Vulnerability details

Zarf is an Airgap Native Package Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package. This issue has been patched in version 0.73.1.

CWE(s)

CWE-22 Path Traversal

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1204.002 Malicious File (Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1565.001 Stored Data Manipulation (Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

A malicious Zarf package must be processed by a user (T1204.002); the resulting path traversal directly enables arbitrary local file reads (T1005) and writes to or manipulation of stored data (T1565.001).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40090 · Same product: Lfprojects Zarf
CVE-2025-68145 · Same vendor: Lfprojects
CVE-2025-15031 · Same vendor: Lfprojects
CVE-2025-11201 · Same vendor: Lfprojects
CVE-2025-1915 · Shared CWE-22
CVE-2026-35177 · Shared CWE-22
CVE-2026-21864 · Same vendor: Lfprojects
CVE-2026-21863 · Same vendor: Lfprojects
CVE-2026-3051 · Shared CWE-22
CVE-2026-32711 · Shared CWE-22

Affected Assets

lfprojects
zarf
0.54.0 up to, but not including, 0.73.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

SI-2 Flaw Remediation (prevent)

Directly remediates the path traversal vulnerability by requiring timely patching of Zarf to version 0.73.1 or later.

SI-10 Information Input Validation (prevent)

Requires validation of file paths and symlink targets during Zarf package archive extraction to block traversal outside the destination directory.

Least privilege (prevent)

Enforces least privilege on the Zarf process to limit the scope and impact of arbitrary file read/write operations via symlink traversal.
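As an added, defender-side example (not Zarf's code and not taken from the advisory), the Go program below shows what the SI-10 control described above looks like in an extraction routine: every archive member name, and every symlink target resolved against the link's own directory, is checked against the destination before anything is written to disk, which is exactly the class of defect described in the deeper analysis. The archive builder, the member names (pkg/zarf.yaml, pkg/latest.yaml, pkg/escape) and their contents are constructed for the demonstration; the function names SafeMemberPath, ExtractTar and BuildSampleArchive are assumptions of this example and do not correspond to Zarf's internals.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

var ErrTraversal = errors.New("archive member escapes destination directory") // any path or link target outside dest

// SafeMemberPath returns the on-disk path for an archive member, or ErrTraversal when
// the name, or (for symlinks) the target resolved against the link's own directory,
// would land outside dest. Hypothetical helper for this example; the check is lexical.
func SafeMemberPath(dest, name, linkTarget string) (string, error) {
	absDest, _ := filepath.Abs(dest) // fails only if the working directory is unreadable
	inside := func(p string) bool {  // p is cleaned and absolute; ".." or "../x" means escape
		rel, err := filepath.Rel(absDest, p)
		return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
	}
	p := filepath.Join(absDest, name) // Join cleans "a/../../x"-style names
	if !inside(p) {
		return "", fmt.Errorf("%w: %q", ErrTraversal, name)
	}
	if linkTarget != "" {
		resolved := filepath.Clean(linkTarget) // absolute targets are taken literally
		if !filepath.IsAbs(linkTarget) {
			resolved = filepath.Join(filepath.Dir(p), linkTarget)
		}
		if !inside(resolved) {
			return "", fmt.Errorf("%w: symlink %q -> %q", ErrTraversal, name, linkTarget)
		}
	}
	return p, nil
}

// ExtractTar unpacks r under dest and stops at the first member that fails a check.
func ExtractTar(r io.Reader, dest string) error {
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		} else if err != nil {
			return err
		}
		p, err := SafeMemberPath(dest, hdr.Name, hdr.Linkname)
		if err != nil {
			return err
		}
		if err = os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
			return err
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			err = os.MkdirAll(p, 0o755)
		case tar.TypeReg:
			var f *os.File
			if f, err = os.OpenFile(p, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644); err == nil {
				_, err = io.Copy(f, tr)
				f.Close()
			}
		case tar.TypeSymlink: // target already validated by SafeMemberPath
			err = os.Symlink(hdr.Linkname, p)
		default: // hard links, devices and the rest are refused outright
			err = fmt.Errorf("unsupported member type %q: %q", hdr.Typeflag, hdr.Name)
		}
		if err != nil {
			return err
		}
	}
}

// BuildSampleArchive returns a constructed in-memory tar (sample data, not a real
// Zarf package) with a file, a benign symlink and, if hostile, an escaping symlink.
func BuildSampleArchive(hostile bool) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	add := func(name, link, body string, flag byte) {
		tw.WriteHeader(&tar.Header{Name: name, Linkname: link, Typeflag: flag, Mode: 0o644, Size: int64(len(body))})
		tw.Write([]byte(body))
	}
	add("pkg/zarf.yaml", "", "kind: ZarfPackageConfig\n", tar.TypeReg)
	add("pkg/latest.yaml", "zarf.yaml", "", tar.TypeSymlink) // stays inside pkg/
	if hostile {
		add("pkg/escape", "../../outside", "", tar.TypeSymlink) // climbs above dest
	}
	tw.Close()
	return buf.Bytes()
}

func main() { // demo: the hostile sample is rejected before the escaping link is created
	dest, _ := os.MkdirTemp("", "zarf-demo")
	defer os.RemoveAll(dest)
	fmt.Println(ExtractTar(bytes.NewReader(BuildSampleArchive(true)), dest))
}
```

Two caveats belong with this check. It is lexical: a target such as `a/b` is accepted even if `a` was itself a symlink extracted earlier in the same archive, so a stricter extractor also resolves the parent directory with `filepath.EvalSymlinks` before writing, or refuses to create members beneath any symlink it has already created. It also deliberately rejects hard links and device nodes rather than trying to validate them, and pairs naturally with the least-privilege control above: an extractor that cannot write outside its working tree limits the damage even when a validation bug slips through.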

References