CVE-2026-40938
Published: 21 April 2026
Summary
CVE-2026-40938 is a high-severity Argument Injection (CWE-88) vulnerability in Linuxfoundation Tekton Pipelines. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The vulnerability is ranked at the 24.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): Directly addresses the lack of validation on the git revision parameter and repo URL, preventing injection of malicious git flags and local filesystem paths that lead to arbitrary binary execution.
AC-6 (Least Privilege): Enforces least privilege on the tekton-pipelines-resolvers ServiceAccount, limiting its cluster-wide get/list/watch access to Secrets and mitigating secret exfiltration after code execution on the resolver pod.
Requires timely identification, testing, and remediation of the argument injection flaw (CWE-88) by upgrading to Tekton Pipelines 1.11.1 or later.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection via unvalidated git fetch arguments enables arbitrary binary execution through Unix shell (T1059.004). Resulting code execution on the resolver pod with cluster-wide Secret permissions facilitates credential exfiltration via the Kubernetes/container API (T1552.007).
NVD Description
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. This vulnerability is fixed in 1.11.1.
Deeper analysis
CVE-2026-40938 affects the Tekton Pipelines project, which provides Kubernetes-style resources for declaring CI/CD-style pipelines. In versions from 1.0.0 to before 1.11.0, the git resolver passes the revision parameter directly as a positional argument to the `git fetch` command without validating that it does not begin with a hyphen (-). This allows attackers to inject arbitrary `git fetch` flags, such as `--upload-pack=<binary>`. Additionally, the `validateRepoURL` function explicitly permits URLs starting with /, enabling the use of local filesystem paths.
A tenant with the ability to submit ResolutionRequest objects can exploit this by chaining the flag injection with a local path repository URL, leading to execution of an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount possesses cluster-wide get/list/watch permissions on all Secrets, allowing an attacker achieving code execution to exfiltrate secrets across the entire cluster. The vulnerability has a CVSS score of 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-88 (Improper Neutralization of Argument Delimiters in a Command).
The vulnerability is fixed in Tekton Pipelines version 1.11.1, as detailed in the project's release notes and security advisory GHSA-94jr-7pqp-xhcq. Security practitioners should upgrade to 1.11.1 or later and review access controls for ResolutionRequest submissions to mitigate exposure.
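As an added illustration of the input-validation control discussed above (example code, not Tekton's own code or its actual fix), the following Go snippet shows a hardened way for a resolver to build a git fetch argument list: it rejects revisions that begin with "-", rejects repository URLs that are local filesystem paths, and places "--" before the positional arguments so git stops parsing flags. The function names, error messages and sample inputs are assumptions constructed for this example; it builds the argv only and never executes git.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ValidateRevision rejects empty values and anything git could parse as an
// option, i.e. a value beginning with "-".
func ValidateRevision(rev string) error {
	if rev == "" || strings.HasPrefix(rev, "-") {
		return errors.New("revision must not be empty or begin with '-'")
	}
	return nil
}

// ValidateRepoURL rejects local paths ("/...", "file:") and any URL without an
// https/ssh scheme and a host, closing the leading-"/" gap the advisory describes.
func ValidateRepoURL(raw string) error {
	if strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "file:") {
		return errors.New("repository must be a remote URL, not a local path")
	}
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "https" && u.Scheme != "ssh") || u.Host == "" {
		return errors.New("repository must be an https or ssh URL with a host")
	}
	return nil
}

// FetchArgs builds (but never runs) the git fetch argv. "--" is placed before
// the positional arguments so git's option parser stops looking for flags
// (assumed: git fetch honours "--" like other parse-options commands); the
// validation above stays as defence in depth.
func FetchArgs(repoURL, revision string) ([]string, error) {
	if err := ValidateRepoURL(repoURL); err != nil {
		return nil, err
	}
	if err := ValidateRevision(revision); err != nil {
		return nil, err
	}
	return []string{"fetch", "--depth=1", "--", repoURL, revision}, nil
}

func main() { // constructed inputs: a benign pair, then a flag-shaped revision
	fmt.Println(FetchArgs("https://example.com/org/repo.git", "main"))
	fmt.Println(FetchArgs("https://example.com/org/repo.git", "--upload-pack=/tmp/x"))
}
```

Note that the strict URL check also rejects scp-style remotes such as git@host:org/repo, so a deployment that needs them would have to add an explicit allow rule rather than loosen the path check.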
Details
- CWE(s)