CVE-2026-40161
Published: 21 April 2026
Summary
CVE-2026-40161 is a high-severity Insertion of Sensitive Information Into Sent Data (CWE-201) vulnerability in Linuxfoundation Tekton Pipelines. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Steal Application Access Token (T1528). The CVE is ranked at the 11.3 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).
Deeper analysis
CVE-2026-40161 is a vulnerability in the Tekton Pipelines project, which provides Kubernetes-style resources for declaring CI/CD-style pipelines. It affects the git resolver in API mode for versions 1.0.0 through 1.10.0. When a user omits the token parameter, the resolver sends the system-configured Git API token to a user-controlled serverURL. The issue carries a CVSS score of 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) and is linked to CWE-201.
A tenant with permission to create TaskRun or PipelineRun resources can exploit this vulnerability over the network, with low complexity and no user interaction required. By pointing serverURL at an attacker-controlled endpoint, the attacker can exfiltrate the shared system Git API token, such as a GitHub Personal Access Token (PAT) or GitLab token. The impact is a high loss of confidentiality with a change of scope (S:C), since the stolen token grants access beyond the Tekton component itself.
Mitigation details and patches are documented in the Tekton security advisory at https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff, along with related issues at https://github.com/tektoncd/pipeline/issues/9608 and https://github.com/tektoncd/pipeline/issues/9609.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-24165
Vulnerability details
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly enables an attacker with TaskRun/PipelineRun creation permissions to cause the git resolver to send the system Git API token to an attacker-controlled serverURL, facilitating theft of an application access token.
Mitigating Controls (NIST 800-53 r5)
- AC-4 (Information Flow Enforcement): Enforces approved information flow rules so the system-configured Git API token is never transmitted to a user-supplied serverURL.
- AC-3 (Access Enforcement): Mediates access to the shared Git token, ensuring it is only released when the resolver's destination has been explicitly authorized.
- Input validation: Validates the serverURL parameter before the resolver uses it, rejecting untrusted or attacker-controlled endpoints that would receive the token.
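The serverURL validation control above, written out as an added Go example (not code from the Tekton project or this advisory): an admission-style check that refuses to hand the git resolver a serverURL outside an operator allowlist. The param names serverURL and token come from the advisory; the Param type, the CheckGitResolverParams function, the allowlist contents and the evil.example host are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Param mirrors the name/value shape of a Tekton resolver param (simplified).
type Param struct{ Name, Value string }

// AllowedGitHosts is a hypothetical operator allowlist of Git API hosts that
// the system-configured token may be sent to (constructed values).
var AllowedGitHosts = map[string]bool{"api.github.com": true, "gitlab.example.com": true}

// CheckGitResolverParams returns nil when params are safe to hand to the git
// resolver in API mode, else an error for an admission webhook to reject with.
// CVE-2026-40161: user serverURL with token omitted leaks the shared token.
func CheckGitResolverParams(params []Param) error {
	serverURL, hasToken := "", false
	for _, p := range params {
		switch p.Name {
		case "serverURL":
			serverURL = p.Value
		case "token":
			hasToken = p.Value != ""
		}
	}
	if serverURL == "" {
		return nil // resolver keeps its configured default endpoint
	}
	// Hostname() drops userinfo, so "https://api.github.com@evil.example/" is
	// judged by its real host, evil.example.
	u, err := url.Parse(serverURL)
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return fmt.Errorf("serverURL %q must be an absolute https URL", serverURL)
	}
	if host := strings.ToLower(u.Hostname()); !AllowedGitHosts[host] {
		if !hasToken {
			return fmt.Errorf("host %q not allowlisted and no token given: shared token would be sent", host)
		}
		return fmt.Errorf("host %q not allowlisted", host)
	}
	return nil
}

func main() { // constructed sample: one legitimate endpoint, one attacker-controlled
	fmt.Println(CheckGitResolverParams([]Param{{Name: "serverURL", Value: "https://api.github.com"}}))
	fmt.Println(CheckGitResolverParams([]Param{{Name: "serverURL", Value: "https://evil.example"}}))
}
```

The check is a compensating control for unpatched versions only; the fixed releases listed above remain the primary remediation.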