CVE-2026-40938
Published: 21 April 2026
Summary
CVE-2026-40938 is a high-severity Argument Injection (CWE-88) vulnerability in Linuxfoundation Tekton Pipelines. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks at the 40.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-40938 affects the Tekton Pipelines project, which provides Kubernetes-style resources for declaring CI/CD-style pipelines. In versions from 1.0.0 to before 1.11.0, the git resolver passes the revision parameter directly as a positional argument to the `git fetch` command without validating that it does not begin with a hyphen (-). This allows attackers to inject arbitrary `git fetch` flags, such as `--upload-pack=<binary>`. Additionally, the `validateRepoURL` function explicitly permits URLs starting with /, enabling the use of local filesystem paths.
A tenant with the ability to submit ResolutionRequest objects can exploit this by chaining the flag injection with a local path repository URL, leading to execution of an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount possesses cluster-wide get/list/watch permissions on all Secrets, allowing an attacker achieving code execution to exfiltrate secrets across the entire cluster. The vulnerability has a CVSS score of 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-88 (Improper Neutralization of Argument Delimiters in a Command).
The vulnerability is fixed in Tekton Pipelines version 1.11.1, as detailed in the project's release notes and security advisory GHSA-94jr-7pqp-xhcq. Security practitioners should upgrade to 1.11.1 or later and review access controls for ResolutionRequest submissions to mitigate exposure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-24491
Vulnerability details
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection via unvalidated git fetch arguments enables arbitrary binary execution through Unix shell (T1059.004). Resulting code execution on the resolver pod with cluster-wide Secret permissions facilitates credential exfiltration via the Kubernetes/container API (T1552.007).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly enforces validation of the revision parameter and repo URL to block -flag injection and local-path traversal into git fetch.
- AC-6 (Least Privilege): limits the tekton-pipelines-resolvers ServiceAccount to only the secrets it actually needs, eliminating the cluster-wide read access that enables full exfiltration after code execution.
- Enforces which tenants may submit ResolutionRequest objects, reducing the attack surface before an untrusted revision or URL can reach the resolver.
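As an added illustration of the input-validation control, written for this page and not taken from Tekton's resolver code: the revision is rejected if it begins with "-", the repository URL is restricted to an assumed allowlist of absolute https:// and ssh:// URLs (local paths are refused), and "--" is placed before the positional arguments when the git argv is built, so git's option parser stops before the URL and revision.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// validateRevision refuses any value git could parse as an option instead of
// a ref: an empty string or anything beginning with "-".
func validateRevision(rev string) error {
	if rev == "" || strings.HasPrefix(rev, "-") {
		return fmt.Errorf("revision %q must be a ref or commit, not an option", rev)
	}
	return nil
}

// validateRepoURL accepts only absolute https:// or ssh:// URLs with a host
// (an assumed allowlist); local paths ("/...", "file:") are refused.
func validateRepoURL(raw string) error {
	if strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "file:") {
		return errors.New("local filesystem repositories are not allowed")
	}
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" || (u.Scheme != "https" && u.Scheme != "ssh") {
		return fmt.Errorf("repo URL %q is not an https:// or ssh:// URL", raw)
	}
	return nil
}

// fetchArgs validates both inputs, then builds the git argv with "--" ahead
// of the positional arguments so nothing after it is parsed as an option.
func fetchArgs(repoURL, revision string) ([]string, error) {
	if err := validateRepoURL(repoURL); err != nil {
		return nil, err
	}
	if err := validateRevision(revision); err != nil {
		return nil, err
	}
	return []string{"fetch", "--depth=1", "--", repoURL, revision}, nil
}

func main() {
	// Constructed inputs: a normal revision and one that carries a git option.
	for _, rev := range []string{"main", "--upload-pack=/placeholder/binary"} {
		args, err := fetchArgs("https://git.example.invalid/org/repo.git", rev)
		fmt.Println(args, err)
	}
}
```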