CVE-2026-40090
Published: 15 April 2026
Summary
CVE-2026-40090 is a high-severity Path Traversal (CWE-22) vulnerability in Lfprojects Zarf. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Cron (T1053.003). The CVE ranks at the 14.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents path traversal exploitation by requiring validation of untrusted inputs such as the Metadata.Name field from Zarf packages before output file paths are constructed from them.
- SI-2 (Flaw Remediation): ensures timely identification, reporting, and patching of the specific flaw in Zarf versions 0.23.0 through 0.74.1, as fixed in 0.74.2.
- Least privilege: limits the scope of arbitrary file writes by restricting the user or process that executes the Zarf inspect command, so that sensitive filesystem locations are not writable from it.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary file write via path traversal in Zarf inspect commands directly enables writing attacker-controlled files to /etc/cron.d/ (Cron persistence) and ~/.ssh/authorized_keys (SSH key persistence).
NVD Description
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands' output file paths are constructed by joining a user-controlled output directory with the package's Metadata.Name field read directly from the untrusted package's zarf.yaml manifest. Although Metadata.Name is validated against a regex on package creation, an attacker can unarchive a package to modify the Metadata.Name field to contain path traversal sequences such as ../../etc/cron.d/malicious or absolute paths like /home/user/.ssh/authorized_keys, along with the corresponding files inside SBOMS.tar. This allows writing attacker-controlled content to arbitrary filesystem locations within the permissions of the user running the inspect command. This issue has been fixed in version 0.74.2.
Deeper analysis
CVE-2026-40090 is an arbitrary file write vulnerability affecting Zarf, an airgap-native package manager for Kubernetes. The issue resides in the `zarf package inspect sbom` and `zarf package inspect documentation` subcommands in versions 0.23.0 through 0.74.1. These subcommands construct output file paths by joining a user-controlled output directory with the package's Metadata.Name field, which is read directly from the untrusted package's zarf.yaml manifest. Although Metadata.Name is validated with a regex during package creation, an attacker can unarchive a package, modify this field to include path traversal sequences like `../../etc/cron.d/malicious` or absolute paths like `/home/user/.ssh/authorized_keys`, and include corresponding files in SBOMs.tar, enabling writes to arbitrary filesystem locations within the permissions of the user running the command.
An attacker can exploit this vulnerability by crafting a malicious Zarf package and tricking a victim into inspecting it with the affected subcommands. Exploitation requires no privileges (PR:N) and user interaction (UI:R), such as a user running the inspect command on an untrusted package provided via network (AV:N). Successful exploitation allows the attacker to write arbitrary, attacker-controlled content to sensitive locations on the victim's filesystem, potentially leading to persistence (e.g., adding cron jobs or SSH keys), with high integrity impact (I:H) and low availability impact (A:L).
The vulnerability has been addressed in Zarf version 0.74.2. Official advisories, including the GitHub security advisory at GHSA-pj97-4p9w-gx3q and the related pull request at #4793, detail the fix and recommend upgrading to the patched version to mitigate the path traversal issue (CWE-22).
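As an added illustration (example code written for this page, not Zarf's own implementation or its actual fix), the following Go snippet contrasts the weak pattern the advisory describes, joining an output directory with a name taken straight from the manifest, with a hardened version that re-validates Metadata.Name at inspection time and then proves the joined path still lies inside the output directory. The allow-list regex, the function names and the /tmp/out directory are assumptions. Go's filepath.Join normalizes a rooted second argument, so the naive function reproduces only the `..` traversal case, not whatever handling of absolute names the original code had.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrUnsafeName is returned when a name read from an untrusted manifest
// would place the output file outside the chosen output directory.
var ErrUnsafeName = errors.New("unsafe package name in manifest")

// nameRe is a hypothetical allow-list for Metadata.Name. The advisory says the
// field is regex-validated when a package is created but not when it is
// inspected; the exact Zarf pattern is not given there, so this one is assumed.
var nameRe = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)

// naiveOutputPath shows the weak pattern the advisory describes: the output
// directory is joined with a name taken straight from zarf.yaml, so a name
// containing ".." components walks out of outDir after path cleaning.
func naiveOutputPath(outDir, name string) string {
	return filepath.Join(outDir, name)
}

// validName re-applies the allow-list at consumption time. Creation-time
// validation alone does not help once the archive has been edited by hand.
func validName(name string) bool {
	return nameRe.MatchString(name)
}

// containedPath joins outDir and name and proves the result is still inside
// outDir. It holds even if the allow-list is later relaxed, so it is defense
// in depth rather than a replacement for validName.
func containedPath(outDir, name string) (string, error) {
	if filepath.IsAbs(name) {
		return "", fmt.Errorf("%w: absolute path %q", ErrUnsafeName, name)
	}
	absOut, err := filepath.Abs(outDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(absOut, name) // Join cleans ".." components
	rel, err := filepath.Rel(absOut, target)
	if err != nil {
		return "", err
	}
	// rel is ".." or starts with "../" exactly when target escaped absOut.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q escapes %s", ErrUnsafeName, name, absOut)
	}
	return target, nil
}

// safeOutputPath is the hardened counterpart of naiveOutputPath.
func safeOutputPath(outDir, name string) (string, error) {
	if !validName(name) {
		return "", fmt.Errorf("%w: %q fails allow-list", ErrUnsafeName, name)
	}
	return containedPath(outDir, name)
}

func main() {
	const outDir = "/tmp/out" // assumed output directory
	// Constructed sample names: one benign, two taken from the advisory text.
	fmt.Println("naive:", naiveOutputPath(outDir, "../../etc/cron.d/malicious"))
	for _, n := range []string{"my-pkg", "../../etc/cron.d/malicious", "/home/user/.ssh/authorized_keys"} {
		p, err := safeOutputPath(outDir, n)
		fmt.Printf("safe %q -> %q err=%v\n", n, p, err)
	}
}
```

The containment check is lexical: it reasons about the cleaned path string, not the filesystem. If the output directory itself may contain symlinks that point elsewhere, resolve both sides with filepath.EvalSymlinks before the filepath.Rel comparison. The more general lesson of the advisory is that a field validated by the producer of an archive is still untrusted input to every consumer of that archive, so each consumer that turns it into a path has to validate it again.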
Details
- CWE(s)