| CVE-2026-40938 | high | 8.5 | 8.5 | 1mo ago | Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE |
| CVE-2026-40924 | medium | 6.5 | 6.5 | 1mo ago | Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion |
| CVE-2026-40161 | medium | 6.5 | 6.5 | 1mo ago | Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL |
| CVE-2026-25542 | medium | 6.5 | 6.5 | 1mo ago | Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching |
| CVE-2026-40923 | medium | 5.4 | 5.4 | 1mo ago | Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check |
| CVE-2026-33211 | unknown | — | — | 2mo ago | Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod in github.com/tektoncd/pipeline |
| CVE-2026-33022 | unknown | — | — | 2mo ago | Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun in github.com/tektoncd/pipeline |
| CVE-2023-37264 | unknown | — | — | 3y ago | Pipelines do not validate child UIDs in github.com/tektoncd/pipeline |