CRITICAL 9.6 CVE-2026-33211 Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod in github.com/tektoncd/pipeline
>= 1.0.0, < 1.0.1; >= 1.1.0, < 1.3.3; >= 1.4.0, < 1.6.1; >= 1.7.0, < 1.9.2; >= 1.10.0, < 1.10.2
CRITICAL 9.6 CVE-2026-33211 Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod in github.com/tektoncd/pipeline
>= 1.0.0, < 1.0.1
HIGH 7.7 Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
>= 1.0.0, < 1.0.2
HIGH 7.5 Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
>= 1.10.0, < 1.11.1
MEDIUM 6.5 Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion
>= 1.10.0, < 1.11.1
MEDIUM 6.5 Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching
>= 0.43.0, < 1.0.2
MEDIUM 6.5 Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun in github.com/tektoncd/pipeline
>= 0.60.0, < 1.0.1
MEDIUM 6.5 Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun in github.com/tektoncd/pipeline
>= 0.60.0
MEDIUM 5.4 Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
>= 1.10.0, < 1.11.1
LOW 3.7 Pipelines do not validate child UIDs in github.com/tektoncd/pipeline
>= 0.35.0, <= 0.52.0
LOW 3.7 Pipelines do not validate child UIDs in github.com/tektoncd/pipeline
>= 0.35.0