CVE-2026-40161
Published: 21 April 2026
Summary
CVE-2026-40161 is a high-severity Insertion of Sensitive Information Into Sent Data (CWE-201) vulnerability in Linuxfoundation Tekton Pipelines. Its CVSS base score is 7.7 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Steal Application Access Token (T1528). The vulnerability is ranked at the 9.3 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the flaw in the Tekton Pipelines git resolver that sends system Git API tokens to user-controlled serverURLs when the token parameter is omitted.
- Validates user-supplied serverURL inputs in TaskRun and PipelineRun resources to restrict them to authorized git endpoints, blocking exfiltration to attacker-controlled servers.
- Enforces information flow policies to prevent transmission of shared system-configured Git API tokens to unauthorized external destinations specified by low-privileged tenants.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly enables an attacker with TaskRun/PipelineRun creation permissions to cause the git resolver to send the system Git API token to an attacker-controlled serverURL, facilitating theft of an application access token.
NVD Description
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint.
Deeper analysis
CVE-2026-40161 is a vulnerability in the Tekton Pipelines project, which provides Kubernetes-style resources for declaring CI/CD-style pipelines. It affects the git resolver in API mode for versions 1.0.0 through 1.10.0. When a user omits the token parameter, the resolver sends the system-configured Git API token to a user-controlled serverURL. The issue carries a CVSS score of 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) and is linked to CWE-201.
A tenant with permissions to create TaskRun or PipelineRun resources can exploit this vulnerability over the network with low complexity and no user interaction required. By setting the serverURL to an attacker-controlled endpoint, the attacker can exfiltrate the shared system Git API token, such as a GitHub Personal Access Token (PAT) or GitLab token, leading to high confidentiality impact in a scoped environment.
Mitigation details and patches are documented in the Tekton security advisory at https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff, along with related issues at https://github.com/tektoncd/pipeline/issues/9608 and https://github.com/tektoncd/pipeline/issues/9609.
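The input-validation and information-flow controls above boil down to one decision: a shared system token must never be attached to a request whose destination the tenant chose. The following is an added illustration of that check, not code from the Tekton project; the `ResolverConfig` type, the `origin` and `ChooseToken` functions, and the hostnames and token value are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ResolverConfig models the system-wide settings of an API-mode git resolver
// (constructed for this example; these are not Tekton's own types).
type ResolverConfig struct {
	DefaultServerURL string // the server the shared token was issued for
	SystemToken      string // shared API token, e.g. a GitHub PAT
}

var ErrInvalidServerURL = errors.New("serverURL must be an absolute https URL without credentials")
var ErrUntrustedServer = errors.New("system token may only be sent to the configured git API server")

// origin normalises a URL to lowercase "https://host[:port]" so that two URLs
// are compared by destination only, not by path or letter case.
func origin(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" || u.Host == "" || u.User != nil {
		return "", ErrInvalidServerURL
	}
	return strings.ToLower(u.Scheme + "://" + u.Host), nil
}

// ChooseToken returns the token the resolver may attach to its outbound API
// request. The shared system token is attached only when serverURL points at
// the server it was configured for; any other destination is refused.
func ChooseToken(cfg ResolverConfig, serverURL, userToken string) (string, error) {
	if userToken != "" {
		return userToken, nil // the tenant's own secret goes where the tenant points it
	}
	want, err := origin(cfg.DefaultServerURL)
	if err != nil {
		return "", err
	}
	if got, err := origin(serverURL); err != nil {
		return "", err
	} else if got != want {
		return "", ErrUntrustedServer
	}
	return cfg.SystemToken, nil
}

func main() {
	cfg := ResolverConfig{DefaultServerURL: "https://api.github.example", SystemToken: "ghp_CONSTRUCTED"}
	_, err := ChooseToken(cfg, "https://attacker.example/api", "") // token parameter omitted
	fmt.Println("refused:", err)
}
```

Comparing origins rather than raw strings also rejects the common bypasses of a differently-cased host, a trailing path, or embedded credentials in the serverURL.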
Details
- CWE(s)