apko CVE-2026-42574
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Impact
A crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same or later archive could traverse that symlink to reach host paths the build user could write to. The root cause was the sanitizePath helper in pkg/apk/fs/rwosfs.go, which rejected only lexical .. traversal and did not resolve or refuse symlinks. Every disk-backed DirFS method that handed its caller-supplied path to a symlink-following stdlib call - ReadFile, WriteFile, Chmod, Chown, Chtimes, MkdirAll, Mkdir, and Mknod - was affected. The reachable primitive from a malicious APK during tar extraction is the MkdirAll / Mkdir / WriteFile chain via apko build-cpio and disk-backed consumers such as melange; the remaining sinks are reachable by direct callers of the pkg/apk/fs package. The in-memory tarfs install path used by apko build, apko publish, and apko build-minirootfs is not affected.
Patches
Fixed in apko v1.2.5 by #2187 / commit f5a96e1, which scopes all DirFS operations through a Go 1.24 *os.Root. The sanitizePath helper has been removed; *os.Root refuses traversal via .., absolute-target symlinks, relative-target symlinks, and hardlinks by construction. Regression tests in pkg/apk/apk/path_traversal_test.go cover each composite primitive.
Workarounds
No complete workaround. Operators running pre-1.2.5 apko (or downstream tools such as melange that embed pre-1.2.5 pkg/apk/fs) should upgrade. Consuming only APKs from trusted, signed sources reduces but does not eliminate exposure.
Resources
- https://github.com/chainguard-dev/apko/pull/2187
- https://github.com/chainguard-dev/apko/commit/f5a96e1299ac81c7ea9441705ec467688086f442
- https://github.com/chainguard-dev/apko/releases/tag/v1.2.5
- Related: GHSA-5g94-c2wx-8pxw (CVE-2026-25121) - prior lexical
..traversal fix
Credits
apko thanks Oleh Konko (@1seal from 1seal.org) for the initial report of the symlink-escape class, and to @Xh081iX for a follow-up set of reports covering additional reachable primitives (ReadFile, Chmod/Chown, Mknod, MkdirAll/Mkdir) that shaped the comprehensive fix.
AnalysisAI
Symlink-following path traversal in apko (versions 0.14.8 through <1.2.5) allows malicious APK archives to write arbitrary files to host paths during build operations. A crafted .apk can install a symlink entry pointing outside the build root, then traverse that symlink via subsequent file-write or directory-creation operations to reach any path writable by the build user. Affects disk-backed operations in apko build-cpio and downstream tools like melange; in-memory tarfs paths (apko build, apko publish) are not vulnerable. Vendor-released patch available in apko v1.2.5. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates network-reachable unauthenticated exploitation, though practical attack requires convincing a target to process the malicious APK during a build. No EPSS or KEV data available; publicly available exploit code exists in the form of regression tests demonstrating each primitive.
Technical ContextAI
This vulnerability affects apko, a Chainguard tool for building Alpine Package Keeper (APK)-based OCI container images, and its embedded pkg/apk/fs package. The root cause (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) was in the sanitizePath helper in pkg/apk/fs/rwosfs.go, which validated paths only for lexical .. traversal but did not resolve or block symlinks. When a DirFS (disk-backed filesystem abstraction) processed tar entries during APK extraction, every method that handed caller-supplied paths to symlink-following Go standard library calls was vulnerable: ReadFile, WriteFile, Chmod, Chown, Chtimes, MkdirAll, Mkdir, and Mknod. An attacker could embed a TypeSymlink tar entry with an absolute target (/tmp/outside) or relative target (../outside) pointing beyond the build root, then include a subsequent TypeReg (file) or TypeDir (directory) entry whose name traversed that symlink (e.g., evil/pwned where evil is the planted symlink). The vulnerable code would follow the symlink and write to the attacker-controlled location on the host filesystem. This is a classic tar-slip variant leveraging symlinks rather than .. path components. The fix in v1.2.5 migrated all DirFS operations to Go 1.24's *os.Root API, which refuses traversal via .., absolute-target symlinks, relative-target symlinks, and hardlinks by design, replacing the flawed custom sanitizePath logic.
RemediationAI
Upgrade to apko version 1.2.5 or later, which replaces the flawed sanitizePath logic with Go 1.24's *os.Root API that blocks symlink and hardlink traversal by construction (commit f5a96e1299ac81c7ea9441705ec467688086f442, PR #2187 at https://github.com/chainguard-dev/apko/pull/2187). Organizations using downstream tools like melange must ensure those tools have updated their apko dependency to 1.2.5+. The vendor advisory explicitly states no complete workaround exists for pre-1.2.5 versions. Partial risk reduction: restrict APK ingestion to packages from cryptographically signed, trusted sources with verified provenance, though the advisory notes this reduces but does not eliminate exposure (a compromised or malicious signed source could still deliver the exploit). For build environments that cannot immediately upgrade, implement host-level sandboxing: run apko/melange inside isolated containers or VMs with restricted filesystem access using mount namespaces, seccomp, or mandatory access controls (SELinux/AppArmor) that prevent writes outside the build root-this contains but does not prevent exploitation and may break legitimate build operations requiring host access. Monitor build logs for unexpected file-creation failures outside expected paths as a detection mechanism. Do not rely on input validation or tar-entry filtering in user space, as the advisory demonstrates multiple bypass primitives (absolute symlinks, relative symlinks, hardlink newname traversal).
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-qq3r-w4hj-gjp6