CVE-2026-33211
Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod
Description
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.
INFO
Published Date :
March 24, 2026, 12:16 a.m.
Last Modified :
June 30, 2026, 3:18 a.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | |||||
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 3.1 | CRITICAL | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c |
Solution
- Update Tekton Pipelines to version 1.0.1 or later.
- Update Tekton Pipelines to version 1.3.3 or later.
- Update Tekton Pipelines to version 1.6.1 or later.
- Update Tekton Pipelines to version 1.9.2 or later.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-33211.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-33211 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-33211
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-33211 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-33211 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Jun. 30, 2026
Action Type Old Value New Value Added Affected [{'cpes': ['cpe:/a:redhat:openshift_builds:1.6::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Builds 1.6.5', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_builds:1.7::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Builds 1.7.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_pipelines:1.21::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Pipelines 1.21', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_pipelines:1.20::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Pipelines 1.2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:trusted_artifact_signer:1.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Trusted Artifact Signer 1.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_pipelines:1'], 'vendor': 'Red Hat', 'product': 'OpenShift Pipelines', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:serverless:1'], 'vendor': 'Red Hat', 'product': 'OpenShift Serverless', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:openshift_builds:1'], 'vendor': 'Red Hat', 'product': 'Builds for Red Hat OpenShift', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/a:redhat:openshift_ai'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift AI (RHOAI)', 'defaultStatus': 'unaffected'}, {'cpes': ['cpe:/a:redhat:container_native_virtualization:4'], 'vendor': 'Red Hat', 'product': 'Red Hat OpenShift Virtualization 4', 'defaultStatus': 'unaffected'}] Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N Added CWE CWE-22 Added Reference https://access.redhat.com/errata/RHSA-2026:10026 Added Reference https://access.redhat.com/errata/RHSA-2026:10066 Added Reference https://access.redhat.com/errata/RHSA-2026:10125 Added Reference https://access.redhat.com/errata/RHSA-2026:10155 Added Reference https://access.redhat.com/errata/RHSA-2026:10158 Added Reference https://access.redhat.com/errata/RHSA-2026:21931 Added Reference https://access.redhat.com/errata/RHSA-2026:21932 Added Reference https://access.redhat.com/errata/RHSA-2026:24484 Added Reference https://access.redhat.com/errata/RHSA-2026:6166 Added Reference https://access.redhat.com/errata/RHSA-2026:6170 Added Reference https://access.redhat.com/security/cve/CVE-2026-33211 Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2450554 Added Reference https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33211.json -
CVE Modified by [email protected]
Jun. 17, 2026
Action Type Old Value New Value Added Affected [{'vendor': 'tektoncd', 'product': 'pipeline', 'versions': [{'status': 'affected', 'version': '>= 1.0.0, < 1.0.1'}, {'status': 'affected', 'version': '>= 1.1.0, < 1.3.3'}, {'status': 'affected', 'version': '>= 1.4.0, < 1.6.1'}, {'status': 'affected', 'version': '>= 1.7.0, < 1.9.2'}, {'status': 'affected', 'version': '>= 1.10.0, < 1.10.2'}]}] -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 17, 2026
Action Type Old Value New Value Added SSVC {'id': 'CVE-2026-33211', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'partial'}], 'version': '2.0.3', 'timestamp': '2026-03-24T15:40:21.314239Z'} -
Initial Analysis by [email protected]
Mar. 26, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N Added CPE Configuration OR *cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:* versions from (including) 1.1.0 up to (excluding) 1.3.3 *cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:* versions from (including) 1.10.0 up to (excluding) 1.10.2 *cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:* versions from (including) 1.4.0 up to (excluding) 1.6.1 *cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:* versions from (including) 1.7.0 up to (excluding) 1.9.2 *cpe:2.3:a:linuxfoundation:tekton_pipelines:1.0.0:*:*:*:*:go:*:* Added Reference Type GitHub, Inc.: https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c Types: Patch Added Reference Type GitHub, Inc.: https://github.com/tektoncd/pipeline/commit/318006c4e3a5 Types: Patch Added Reference Type GitHub, Inc.: https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd Types: Patch Added Reference Type GitHub, Inc.: https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae Types: Patch Added Reference Type GitHub, Inc.: https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e Types: Patch Added Reference Type GitHub, Inc.: https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db Types: Patch Added Reference Type GitHub, Inc.: https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78 Types: Patch Added Reference Type GitHub, Inc.: https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c Types: Patch, Vendor Advisory -
New CVE Received by [email protected]
Mar. 24, 2026
Action Type Old Value New Value Added Description Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch. Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N Added CWE CWE-22 Added Reference https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c Added Reference https://github.com/tektoncd/pipeline/commit/318006c4e3a5 Added Reference https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd Added Reference https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae Added Reference https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e Added Reference https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db Added Reference https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78 Added Reference https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c