Skip to main content

CVE-2026-40090

HIGH
Path Traversal (CWE-22)
2026-04-14 https://github.com/zarf-dev/zarf GHSA-pj97-4p9w-gx3q
7.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low

Lifecycle Timeline

5
Re-analysis Queued
Apr 17, 2026 - 15:52 vuln.today
cvss_changed
Analysis Generated
Apr 15, 2026 - 01:10 vuln.today
Analysis Generated
Apr 14, 2026 - 22:46 vuln.today
Patch released
Apr 14, 2026 - 22:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 22:32 nvd
HIGH 7.1

DescriptionGitHub Advisory

Impact

This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages.

Patches

#4793, now fixed in version v0.74.2

Workarounds

Avoid inspecting unsigned packages

Description

The package inspect sbom and package inspect documentation subcommands construct output file paths by joining a user-controlled output directory with the package's Metadata.Name field, which is attacker-controlled data read from the package archive. The Metadata.Name field is validated against a regex on create, ^[a-z0-9][a-z0-9\-]*$, however a malicious user could unarchive a package to change the .Metadata.Name field and the files inside the SBOMS.tar. This would lead to arbitrary file write in a location of the attackers choosing.

Neither location sanitizes or validates the package name before using it in the file path.

SBOM inspection:

go
outputPath := filepath.Join(o.outputDir, pkgLayout.Pkg.Metadata.Name)
err = pkgLayout.GetSBOM(ctx, outputPath)

Documentation inspection (line 1219):

go
outputPath := filepath.Join(o.outputDir, fmt.Sprintf("%s-documentation", pkgLayout.Pkg.Metadata.Name))
return pkgLayout.GetDocumentation(ctx, outputPath, o.keys)

pkgLayout.Pkg.Metadata.Name is read directly from the untrusted package's zarf.yaml manifest. An attacker can craft a malicious Zarf package where Metadata.Name contains path traversal sequences or root paths such as ../../etc/cron.d/malicious or /home/user/.ssh/authorized_keys.

CVSS Explainations

Attack Vector

Verdict: Network A malicious package could be published to OCI and inspected directly with zarf package inspect sbom oci://<bad-package>

Attack Complexity

Verdict: Low It is not complicated to make and publish a malicious package. The Attacker only needs to edit the zarf.yaml and sboms.tar then edit the checksums.

Privileges Required

Verdict: None The attacker is relying on the runner of zarf package inspect sbom|documentation and needs no other privileges.

User Interaction

Verdict: Required The user must run the inspect command

Scope

Verdict: Unchanged The vulnerability operates entirely within the permissions of the user running zarf package inspect. The file write can't escape the privilege boundary of that user

Confidentiality

Verdict: None This is an arbitrary file write vulnerability. The attacker can place or overwrite files on the filesystem but the vulnerability does not provide any mechanism to read or exfiltrate data from the target system.

Integrity

Verdict: High The attacker controls both the file path (via Metadata.Name) and the file content (via the SBOM or documentation files inside the archive). This allows writing attacker-controlled content to arbitrary locations on the filesystem, limited only by the permissions of the user running the inspect command. Realistic exploitation includes writing SSH authorized_keys, cron jobs, or shell profiles.

Availability

Verdict: Low The vulnerability does not directly target service availability. However, an attacker could overwrite files that cause system disruption.

AnalysisAI

Path traversal in Zarf package inspection commands enables arbitrary file write when processing malicious packages. Attackers can craft Zarf packages with traversal sequences in the Metadata.Name field (e.g., '../../etc/cron.d/malicious'), bypassing input validation to write attacker-controlled content to sensitive system locations when users run 'zarf package inspect sbom' or 'zarf package inspect documentation'. Fixed in version v0.74.2. CVSS 7.1 (High) with network attack vector but requires user interaction. No public exploit identified at time of analysis, though exploitation complexity is low as attackers only need to modify zarf.yaml and sboms.tar in a package archive.

Technical ContextAI

Zarf is a Kubernetes deployment tool (github.com/zarf-dev/zarf) that packages applications into portable archives. The vulnerability stems from improper path sanitization (CWE-22) in two inspection subcommands. While package creation validates Metadata.Name against regex '^[a-z0-9][a-z0-9\-]*$', the inspection flow reads this field directly from untrusted zarf.yaml manifests without re-validation. The code uses filepath.Join() to combine user-specified output directories with the unsanitized package name before extracting SBOM or documentation files. Because filepath.Join() does not neutralize path traversal sequences like '../' or absolute paths, an attacker who unarchives a legitimate package, modifies the Metadata.Name field to contain traversal sequences, recalculates checksums, and re-archives can control both the destination path and file content. This affects the Go package ecosystem (pkg:go) specifically for users inspecting packages from untrusted sources including OCI registries.

RemediationAI

Upgrade to Zarf version v0.74.2 or later, which includes the fix from pull request #4793 that implements proper path sanitization for the Metadata.Name field during package inspection operations. Organizations can obtain the patched version from the GitHub repository at https://github.com/zarf-dev/zarf. Until upgrade is possible, implement the vendor-recommended workaround of avoiding inspection of unsigned packages and only processing packages from trusted, verified sources. Establish organizational policies requiring package signature verification before inspection. For high-security environments, consider restricting the 'zarf package inspect' commands to dedicated sandboxed systems with limited file system permissions, or implement additional wrapper scripts that validate package sources before allowing inspection. Review systems where untrusted packages may have been inspected prior to patching for unexpected file modifications in user home directories (.ssh/authorized_keys, .bashrc), cron directories, and application configuration paths.

Share

CVE-2026-40090 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy