216.73.217.86

CVE-2026-28406

· Published 27/02/2026 22:16 · Modified 27/02/2026 22:16

Labels: CVE-2026-28406 2026-02-27CVE-2026-28406CWE-22[email protected]

Essential information

Published
27/02/2026 22:16
Modified
27/02/2026 22:16
Author
Creator
CVSS
8.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CVSS metrics

Description

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
google / kaniko cpe:2.3:a:google:kaniko:1.25.4-1.25.10:*:*:*:*:*:*:*

References