Skip to main content

apko CVE-2026-42574

HIGH
Path Traversal (CWE-22)
2026-05-04 https://github.com/chainguard-dev/apko GHSA-qq3r-w4hj-gjp6
7.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 04, 2026 - 21:47 vuln.today
Analysis Generated
May 04, 2026 - 21:47 vuln.today

DescriptionGitHub Advisory

Impact

A crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same or later archive could traverse that symlink to reach host paths the build user could write to. The root cause was the sanitizePath helper in pkg/apk/fs/rwosfs.go, which rejected only lexical .. traversal and did not resolve or refuse symlinks. Every disk-backed DirFS method that handed its caller-supplied path to a symlink-following stdlib call - ReadFile, WriteFile, Chmod, Chown, Chtimes, MkdirAll, Mkdir, and Mknod - was affected. The reachable primitive from a malicious APK during tar extraction is the MkdirAll / Mkdir / WriteFile chain via apko build-cpio and disk-backed consumers such as melange; the remaining sinks are reachable by direct callers of the pkg/apk/fs package. The in-memory tarfs install path used by apko build, apko publish, and apko build-minirootfs is not affected.

Patches

Fixed in apko v1.2.5 by #2187 / commit f5a96e1, which scopes all DirFS operations through a Go 1.24 *os.Root. The sanitizePath helper has been removed; *os.Root refuses traversal via .., absolute-target symlinks, relative-target symlinks, and hardlinks by construction. Regression tests in pkg/apk/apk/path_traversal_test.go cover each composite primitive.

Workarounds

No complete workaround. Operators running pre-1.2.5 apko (or downstream tools such as melange that embed pre-1.2.5 pkg/apk/fs) should upgrade. Consuming only APKs from trusted, signed sources reduces but does not eliminate exposure.

Resources

  • https://github.com/chainguard-dev/apko/pull/2187
  • https://github.com/chainguard-dev/apko/commit/f5a96e1299ac81c7ea9441705ec467688086f442
  • https://github.com/chainguard-dev/apko/releases/tag/v1.2.5
  • Related: GHSA-5g94-c2wx-8pxw (CVE-2026-25121) - prior lexical .. traversal fix

Credits

apko thanks Oleh Konko (@1seal from 1seal.org) for the initial report of the symlink-escape class, and to @Xh081iX for a follow-up set of reports covering additional reachable primitives (ReadFile, Chmod/Chown, Mknod, MkdirAll/Mkdir) that shaped the comprehensive fix.

AnalysisAI

Symlink-following path traversal in apko (versions 0.14.8 through <1.2.5) allows malicious APK archives to write arbitrary files to host paths during build operations. A crafted .apk can install a symlink entry pointing outside the build root, then traverse that symlink via subsequent file-write or directory-creation operations to reach any path writable by the build user. Affects disk-backed operations in apko build-cpio and downstream tools like melange; in-memory tarfs paths (apko build, apko publish) are not vulnerable. Vendor-released patch available in apko v1.2.5. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates network-reachable unauthenticated exploitation, though practical attack requires convincing a target to process the malicious APK during a build. No EPSS or KEV data available; publicly available exploit code exists in the form of regression tests demonstrating each primitive.

Technical ContextAI

This vulnerability affects apko, a Chainguard tool for building Alpine Package Keeper (APK)-based OCI container images, and its embedded pkg/apk/fs package. The root cause (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) was in the sanitizePath helper in pkg/apk/fs/rwosfs.go, which validated paths only for lexical .. traversal but did not resolve or block symlinks. When a DirFS (disk-backed filesystem abstraction) processed tar entries during APK extraction, every method that handed caller-supplied paths to symlink-following Go standard library calls was vulnerable: ReadFile, WriteFile, Chmod, Chown, Chtimes, MkdirAll, Mkdir, and Mknod. An attacker could embed a TypeSymlink tar entry with an absolute target (/tmp/outside) or relative target (../outside) pointing beyond the build root, then include a subsequent TypeReg (file) or TypeDir (directory) entry whose name traversed that symlink (e.g., evil/pwned where evil is the planted symlink). The vulnerable code would follow the symlink and write to the attacker-controlled location on the host filesystem. This is a classic tar-slip variant leveraging symlinks rather than .. path components. The fix in v1.2.5 migrated all DirFS operations to Go 1.24's *os.Root API, which refuses traversal via .., absolute-target symlinks, relative-target symlinks, and hardlinks by design, replacing the flawed custom sanitizePath logic.

RemediationAI

Upgrade to apko version 1.2.5 or later, which replaces the flawed sanitizePath logic with Go 1.24's *os.Root API that blocks symlink and hardlink traversal by construction (commit f5a96e1299ac81c7ea9441705ec467688086f442, PR #2187 at https://github.com/chainguard-dev/apko/pull/2187). Organizations using downstream tools like melange must ensure those tools have updated their apko dependency to 1.2.5+. The vendor advisory explicitly states no complete workaround exists for pre-1.2.5 versions. Partial risk reduction: restrict APK ingestion to packages from cryptographically signed, trusted sources with verified provenance, though the advisory notes this reduces but does not eliminate exposure (a compromised or malicious signed source could still deliver the exploit). For build environments that cannot immediately upgrade, implement host-level sandboxing: run apko/melange inside isolated containers or VMs with restricted filesystem access using mount namespaces, seccomp, or mandatory access controls (SELinux/AppArmor) that prevent writes outside the build root-this contains but does not prevent exploitation and may break legitimate build operations requiring host access. Monitor build logs for unexpected file-creation failures outside expected paths as a detection mechanism. Do not rely on input validation or tar-entry filtering in user space, as the advisory demonstrates multiple bypass primitives (absolute symlinks, relative symlinks, hardlink newname traversal).

Share

CVE-2026-42574 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy