CVE-2026-28406
HIGH 8.2
Description
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction.
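The description above names the defect (`filepath.Join(dest, cleanedName)` with no containment check) and the fix (securejoin). The following Go program is an added example, not kaniko's code and not the commit referenced below: it shows the unsafe join beside a lexical containment check, then audits a constructed in-memory tar archive (one benign entry, one `../outside.txt` entry shaped like the advisory's example) without writing anything to disk. The `safeJoin` and `auditArchive` helpers are hypothetical names; the check is purely lexical and does not resolve symlinks already present under `dest`, which is the additional guarantee a library such as securejoin provides.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// ErrOutsideDest is returned for any entry whose resolved path leaves dest.
var ErrOutsideDest = errors.New("tar entry escapes extraction directory")

// unsafeJoin mirrors the pattern the advisory describes: filepath.Join cleans
// the result but resolves above dest when name contains "..".
func unsafeJoin(dest, name string) string {
	return filepath.Join(dest, filepath.Clean(name))
}

// safeJoin joins name onto dest and rejects the result unless it stays inside
// dest. Hypothetical helper: a lexical check via filepath.Rel, not securejoin,
// so symlinks that already exist under dest are not followed or validated.
func safeJoin(dest, name string) (string, error) {
	absDest, err := filepath.Abs(dest)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(absDest, name)
	rel, err := filepath.Rel(absDest, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrOutsideDest, name)
	}
	return candidate, nil
}

// auditArchive walks a tar stream without extracting and reports which entry
// names safeJoin would accept or reject for the given dest.
func auditArchive(dest string, r io.Reader) ([]string, []string, error) {
	var accepted, rejected []string
	tr := tar.NewReader(r)
	for {
		hdr, nerr := tr.Next()
		if nerr == io.EOF {
			return accepted, rejected, nil
		}
		// Newer Go versions may flag non-local names themselves; the header is
		// still valid, and safeJoin below makes the final decision.
		if nerr != nil && !errors.Is(nerr, tar.ErrInsecurePath) {
			return nil, nil, nerr
		}
		if _, jerr := safeJoin(dest, hdr.Name); jerr != nil {
			rejected = append(rejected, hdr.Name)
		} else {
			accepted = append(accepted, hdr.Name)
		}
	}
}

// buildSampleArchive constructs an in-memory tar (constructed sample data) with
// one benign entry and one traversal entry like the advisory's example.
func buildSampleArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range []struct{ name, body string }{
		{"app/main.go", "package main\n"},
		{"../outside.txt", "escaped\n"},
	} {
		hdr := &tar.Header{Typeflag: tar.TypeReg, Name: e.name, Mode: 0o644, Size: int64(len(e.body))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write([]byte(e.body)); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	fmt.Println("unsafe join resolves to:", unsafeJoin("/tmp/ctx", "../outside.txt"))
	acc, rej, err := auditArchive("/tmp/ctx", bytes.NewReader(buildSampleArchive()))
	if err != nil {
		panic(err)
	}
	fmt.Println("accepted:", acc)
	fmt.Println("rejected:", rej)
}
```

Running it prints the unsafe join landing at `/tmp/outside.txt`, `app/main.go` accepted and `../outside.txt` rejected. The audit function is the shape of a pre-extraction check a build system can run over untrusted context archives; for real extraction the symlink caveat matters, which is why the upstream fix reaches for securejoin rather than a path-string comparison.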
CVE details
CVSS v3.1 score: 8.2
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/27/2026
Last modified: 3/6/2026
Source: nvd
Honeypot sightings: 0
Affected products
chainguard:kaniko
Weaknesses (CWE)
CWE-22
References
https://github.com/chainguard-forks/kaniko/commit/a370e4b1f66e6e842b685c8f70ed507964c4b221 (security-advisories@github.com)
https://github.com/chainguard-forks/kaniko/pull/326 (security-advisories@github.com)
https://github.com/chainguard-forks/kaniko/security/advisories/GHSA-6rxq-q92g-4rmf (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.