Flux source-controller CVE-2026-47680
MEDIUMLifecycle Timeline
2DescriptionCVE.org
Impact
An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory.
The corruption surface is bounded by source-controller's own and downstream Flux controllers' digest verification: source-controller verifies stored artifact digests during reconciliation and rebuilds on divergence; consumers (kustomize-controller, helm-controller) verify the digest of fetched artifacts and reject mismatches. These checks prevent a manipulated artifact from reaching the cluster, but an attacker can still write files anywhere the source-controller pod has permission to write.
Separately, a user with permission to create or update GitRepository resources can cause source-controller to test for the existence of paths outside the cloned repository. Because the result is exposed via the resource's status, this allows limited enumeration of file paths on the controller pod. This surface exists only on source-controller v1.6.0 and later, where the sparse-checkout feature was introduced.
Patches
This vulnerability was fixed in source-controller v1.8.5.
Workarounds
There is no in-product workaround. Users should upgrade to a patched version.
As a defense-in-depth measure for the GitRepository sparse-checkout surface, a ValidatingAdmissionPolicy (or a third-party policy engine such as Kyverno or OPA Gatekeeper) can be deployed to reject GitRepository resources whose .spec.sparseCheckout entries contain .. or absolute path segments.
References
Credits
The path traversal in the Bucket reconciler was reported by JUNYI LIU. The path traversal in the GitRepository sparse-checkout validation was found and patched by the Flux engineering team.
For more information
If you have any questions or comments about this advisory:
- Open an issue in the source-controller repository.
- Contact us at the CNCF Flux Channel.
AnalysisAI
Path traversal vulnerabilities in Flux source-controller (CWE-23) expose two distinct attack surfaces on the controller pod. In the Bucket reconciler, an actor who can influence object keys in a referenced bucket can cause source-controller to write fetched data to arbitrary paths on the pod filesystem, escaping the per-reconciliation working directory sandbox. Separately, authenticated Kubernetes users with GitRepository create/update RBAC permissions can exploit the sparse-checkout feature (v1.6.0+) to enumerate file paths on the controller pod via the resource's status field. Both issues are patched in source-controller v1.8.5; no public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV.
Technical ContextAI
Source-controller is the GitOps artifact management component of Flux CD, written in Go (pkg:go/github.com/fluxcd/source-controller). The Bucket reconciler downloads objects from S3-compatible or GCS buckets and stores them locally, using the object key as the local file path. The root cause (CWE-23: Relative Path Traversal) is that object keys were passed directly to Go's stdlib filepath.Join() without sanitization, allowing keys containing ../ sequences to traverse outside the designated working directory. The fix, visible in PR#2054, replaces filepath.Join() with SecureJoin() from the github.com/cyphar/filepath-securejoin library, which resolves symlinks and enforces confinement to the base directory. The GitRepository sparse-checkout surface, introduced in v1.6.0, applied the same unsafe filepath.Join() pattern to user-supplied .spec.sparseCheckout path entries before checking their existence on disk, with the boolean result exposed through the resource's .status field - creating a limited but concrete path enumeration primitive.
RemediationAI
Upgrade source-controller to v1.8.5, the vendor-released patch confirmed by the GitHub Advisory GHSA-jjrm-hr5f-673x. The fix is implemented in PR#2054 (https://github.com/fluxcd/source-controller/pull/2054) at commit 759bd6c451e7cc4327b38f42c8b671980165cb0e. There is no in-product workaround for the Bucket traversal surface - upgrade is the only remediation. For the GitRepository sparse-checkout enumeration surface only, a Kubernetes ValidatingAdmissionPolicy (or a third-party policy engine such as Kyverno or OPA Gatekeeper) can be deployed to reject GitRepository resources whose .spec.sparseCheckout entries contain .. or absolute path segments; this blocks the path enumeration primitive without requiring an immediate upgrade, but has no effect on the Bucket traversal and adds policy infrastructure overhead. As an additional compensating control for the Bucket surface pending upgrade, restrict write access to all buckets referenced by Flux Bucket resources to the minimum necessary principals, recognizing this relies entirely on external access controls rather than source-controller input validation.
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-jjrm-hr5f-673x