CVE Catalog

CVE-2026-33211

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.57%

43th percentile - higher than 43% of all known CVEs

Summary

A path traversal vulnerability in the Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod's filesystem via the `pathInRepo` parameter. An attacker with permission to create `ResolutionRequests` can access ServiceAccount tokens and other sensitive data.

Risk Assessment

The organization risks exposure of sensitive data, including ServiceAccount tokens, which could lead to privilege escalation and unauthorized access to Kubernetes cluster resources.

Recommendation

Immediately update Tekton Pipelines to one of the patched versions: 1.0.1, 1.3.3, 1.6.1, 1.9.2, or 1.10.2. Restrict permissions to create `ResolutionRequests` to trusted entities only.

Original NVD description (English source)

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS