
AIKIDO-2026-10515

github.com/tektoncd/pipeline is vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2026-40938
Published Apr 23, 2026

75 (High Risk)

This affects:

Go: github.com/tektoncd/pipeline
1.0.0 - 1.0.1 (fixed in 1.0.2)
1.2.28 - 1.3.3 (fixed in 1.3.4)
1.4.0 - 1.6.1 (fixed in 1.6.2)
1.7.0 - 1.9.2 (fixed in 1.9.3)
1.10.0 - 1.11.0 (fixed in 1.11.1)

TL;DR

An improper input validation issue in the Tekton Pipelines git resolver allowed user-controlled revision values beginning with "-" to be passed directly to git fetch, enabling injection of arbitrary Git command-line flags such as --upload-pack. Because local filesystem repository paths were also accepted as valid URLs, an attacker able to create ResolutionRequest objects could trigger execution of arbitrary binaries on the resolver pod. Since the tekton-pipelines-resolvers ServiceAccount had cluster-wide access to read Secrets, successful exploitation could lead to remote code execution, full cluster secret exfiltration, and privilege escalation.
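As an added example (not Tekton's code and not its actual fix), the defensive pattern the flaw above calls for: a hypothetical Go resolver rejects option-like revisions and non-remote repository URLs, and builds the git fetch argument vector with a "--" separator so user-controlled values can never be parsed as flags. It assumes URL-style remotes only; scp-style "git@host:repo" syntax is deliberately rejected here.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Hypothetical checks written for this page; not Tekton's own fix.
var ErrOptionLikeRevision = errors.New("revision must not begin with '-'")
var ErrLocalRepoURL = errors.New("repository URL must be a remote https/ssh/git URL")

// ValidateRevision rejects anything git fetch could parse as an option.
func ValidateRevision(rev string) error {
	if rev == "" || strings.HasPrefix(rev, "-") {
		return ErrOptionLikeRevision
	}
	return nil
}

// ValidateRepoURL accepts only remote transports with a host; bare paths and
// file:// URLs name the resolver pod's own filesystem and are refused.
func ValidateRepoURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" {
		return ErrLocalRepoURL
	}
	switch u.Scheme {
	case "https", "ssh", "git":
		return nil
	}
	return ErrLocalRepoURL
}

// FetchArgs validates both inputs and places them after "--", which ends git's option parsing.
func FetchArgs(repoURL, rev string) ([]string, error) {
	if err := ValidateRepoURL(repoURL); err != nil {
		return nil, err
	}
	if err := ValidateRevision(rev); err != nil {
		return nil, err
	}
	return []string{"fetch", "--depth=1", "--", repoURL, rev}, nil
}

func main() {
	args, err := FetchArgs("https://github.com/tektoncd/pipeline.git", "--upload-pack=/tmp/evil")
	fmt.Println(args, err) // [] revision must not begin with '-'
}
```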

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

github.com/tektoncd/pipeline is vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in versions 1.10.0 - 1.11.0, 1.7.0 - 1.9.2, 1.4.0 - 1.6.1, 1.2.28 - 1.3.3 and 1.0.0 - 1.0.1.

How to fix this

Upgrade the github.com/tektoncd/pipeline library to the patched version for your release line (1.0.2, 1.3.4, 1.6.2, 1.9.3 or 1.11.1).