A validation bypass in the VolumeMount path restriction allows mounting
volumes under restricted /tekton/ internal paths by using .. path
traversal components. The restriction check uses strings.HasPrefix
without filepath.Clean, so a path like /tekton/home/../results
passes validation but resolves to /tekton/results at runtime.
Tekton Pipelines restricts VolumeMount paths under /tekton/ (except
/tekton/home) to prevent users from interfering with internal
execution state. The validation at
pkg/apis/pipeline/v1/container_validation.go checks mount paths using
strings.HasPrefix without normalizing the path first:
if strings.HasPrefix(vm.MountPath, "/tekton/") &&
!strings.HasPrefix(vm.MountPath, "/tekton/home") {
// reject
}
Because /tekton/home is an allowed prefix, a path like
/tekton/home/../results passes both checks. At runtime, the container
runtime resolves .. and the actual mount point becomes
/tekton/results.
The same pattern exists in pkg/apis/pipeline/v1beta1/task_validation.go.
An authenticated user with Task or TaskRun creation permissions can
mount volumes over internal Tekton paths, potentially:
(to be filled: fixed in versions X.Y.Z)
.. components.All versions through v1.10.0 (both v1 and v1beta1 APIs).
This vulnerability was reported by @kodareef5.
| Score | Percentile |
|---|---|
| 0.05% | 16.22% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 5.4 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-rx35-6rhx-7858 ↗ |
| CVE | CVE-2026-40923 ↗ |
| CWE id | Name |
|---|---|
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| go | github.com/tektoncd/pipeline | >= 1.10.0, < 1.11.1 | 1.11.1 | — |
| go | github.com/tektoncd/pipeline | >= 1.7.0, < 1.9.3 | 1.9.3 | — |
| go | github.com/tektoncd/pipeline | >= 1.4.0, < 1.6.2 | 1.6.2 | — |
| go | github.com/tektoncd/pipeline | >= 1.2.0, < 1.3.4 | 1.3.4 | — |
| go | github.com/tektoncd/pipeline | >= 1.0.0, < 1.0.2 | 1.0.2 | — |