{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T12:41:37.114","vulnerabilities":[{"cve":{"id":"CVE-2026-28406","sourceIdentifier":"security-advisories@github.com","published":"2026-02-27T22:16:23.513","lastModified":"2026-03-06T19:29:21.457","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction."},{"lang":"es","value":"kaniko es una herramienta para construir imágenes de contenedores a partir de un Dockerfile, dentro de un contenedor o un clúster de Kubernetes. A partir de la versión 1.25.4 y antes de la versión 1.25.10, kaniko descomprime archivos de contexto de construcción usando 'filepath.Join(dest, cleanedName)' sin asegurar que la ruta final permanezca dentro de 'dest'. Una entrada tar como '../outside.txt' escapa la raíz de extracción y escribe archivos fuera del directorio de destino. En entornos con autenticación de registro, esto puede encadenarse con los ayudantes de credenciales de docker para lograr la ejecución de código dentro del proceso del ejecutor. La versión 1.25.10 utiliza securejoin para la resolución de rutas en la extracción de tar."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chainguard:kaniko:*:*:*:*:*:*:*:*","versionStartIncluding":"1.25.4","versionEndExcluding":"1.25.10","matchCriteriaId":"5D7F83A1-ABE0-40A9-87E9-15913B15DE13"}]}]}],"references":[{"url":"https://github.com/chainguard-forks/kaniko/commit/a370e4b1f66e6e842b685c8f70ed507964c4b221","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/chainguard-forks/kaniko/pull/326","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/chainguard-forks/kaniko/security/advisories/GHSA-6rxq-q92g-4rmf","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}}]}