CVE-2026-33211
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk43th percentile - higher than 43% of all known CVEs
Summary
A path traversal vulnerability in the Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod's filesystem via the `pathInRepo` parameter. An attacker with permission to create `ResolutionRequests` can access ServiceAccount tokens and other sensitive data.
Risk Assessment
The organization risks exposure of sensitive data, including ServiceAccount tokens, which could lead to privilege escalation and unauthorized access to Kubernetes cluster resources.
Recommendation
Immediately update Tekton Pipelines to one of the patched versions: 1.0.1, 1.3.3, 1.6.1, 1.9.2, or 1.10.2. Restrict permissions to create `ResolutionRequests` to trusted entities only.
Original NVD description (English source)
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.

