ByteOS Network

NVD Vulnerability Details :

CVE-2026-28406

Received

Source-security-advisories@github.com

Published At-27 Feb, 2026 | 22:16

Updated At-27 Feb, 2026 | 22:16

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Type: Secondary

Version: 3.1

Base score: 8.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	security-advisories@github.com

CWE ID: CWE-22

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/chainguard-forks/kaniko/commit/a370e4b1f66e6e842b685c8f70ed507964c4b221	security-advisories@github.com	N/A
https://github.com/chainguard-forks/kaniko/pull/326	security-advisories@github.com	N/A
https://github.com/chainguard-forks/kaniko/security/advisories/GHSA-6rxq-q92g-4rmf	security-advisories@github.com	N/A