EPSS: 0.0% (top 97%)

CVE-2026-29050: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in chainguard-dev melange

Severity: Medium
Tags: vulnerability, cve-2026-29050, cwe-22
Published: Thu Apr 23 2026 (04/23/2026, 23:58:39 UTC)
Source: CVE Database V5
Vendor/Project: chainguard-dev
Product: melange

Description

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set `pipeline[].uses` to a value containing `../` sequences or an absolute path. The `(*Compiled).compilePipeline` function in `pkg/build/compile.go` passed `uses` directly to `filepath.Join(pipelineDir, uses + ".yaml")` without validating the value, so the resolved path could escape each `--pipeline-dir` and read an arbitrary YAML-parseable file visible to the melange process. Because the loaded file is subsequently interpreted as a melange pipeline and its `runs:` block is executed via `/bin/sh -c` in the build sandbox, this additionally allowed shell commands sourced from an out-of-tree file to run during the build, bypassing the review boundary that normally covers the in-tree pipeline definition. The issue is fixed in melange v0.43.4 via commit 5829ca4. The fix rejects `uses` values that are absolute paths or contain `..`, and verifies (via `filepath.Rel` after `filepath.Clean`) that the resolved target remains within the pipeline directory. As a workaround, only run `melange build` against configuration files from trusted sources. In CI systems that build user-supplied melange configs, gate builds behind manual review of `pipeline[].uses` values and reject any containing `..` or leading `/`.
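The description above names the two halves of this bug: an unvalidated `filepath.Join` on the `uses` value, and a fix that rejects absolute paths and `..` and then confirms with `filepath.Rel` after `filepath.Clean` that the target stays inside the pipeline directory. The following Go program is an added illustration written for this page, not melange's own code: `resolveUsesUnsafe` mirrors the pre-fix join, `resolveUsesSafe` applies the checks the advisory attributes to the fix, and the directory and `uses` values are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUsesEscapes is returned when a `uses` value would resolve outside pipelineDir.
var ErrUsesEscapes = errors.New("pipeline uses value escapes the pipeline directory")

// resolveUsesUnsafe mirrors the pre-fix behaviour the advisory describes:
// the value is joined onto the pipeline directory with no validation at all.
func resolveUsesUnsafe(pipelineDir, uses string) string {
	return filepath.Join(pipelineDir, uses+".yaml")
}

// resolveUsesSafe rejects absolute paths and any ".." component, then confirms
// with filepath.Rel on the cleaned paths that the target stays inside pipelineDir.
func resolveUsesSafe(pipelineDir, uses string) (string, error) {
	if uses == "" || filepath.IsAbs(uses) {
		return "", ErrUsesEscapes
	}
	for _, part := range strings.Split(filepath.ToSlash(uses), "/") {
		if part == ".." {
			return "", ErrUsesEscapes
		}
	}
	base := filepath.Clean(pipelineDir)
	target := filepath.Clean(filepath.Join(base, uses+".yaml"))
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	// Compare whole components: a name such as "..foo" is legitimate and must
	// not be caught by a naive strings.HasPrefix(rel, "..") test.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUsesEscapes
	}
	return target, nil
}

func main() {
	dir := "/work/pipelines" // constructed sample pipeline directory
	for _, uses := range []string{"fetch", "go/build", "../outside/file", "/etc/other"} {
		safe, err := resolveUsesSafe(dir, uses)
		fmt.Printf("uses=%-18q unsafe=%-34s safe=%-36s err=%v\n", uses, resolveUsesUnsafe(dir, uses), safe, err)
	}
}
```

The printed table shows the unsafe join placing `../outside/file` at `/work/outside/file.yaml`, one level above the pipeline directory, while the safe resolver returns an error for it and for the absolute value.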

CVSS v3.1

Score: 6.1 (Medium)

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: None

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 05/01/2026, 20:39:42 UTC

Technical Analysis

Melange, a tool for building apk packages using declarative pipelines, improperly limits pathname resolution for pipeline steps specified in configuration files. Versions from 0.32.0 up to but not including 0.43.4 allow an attacker who can influence the configuration file to set pipeline[].uses to a path containing '../' or an absolute path. The compilePipeline function joins this value onto the pipeline directory without validation, so the resolved path can escape the intended pipeline directory and load an arbitrary YAML file. The loaded file is interpreted as a melange pipeline, and its runs: block is executed via /bin/sh -c in the build sandbox, allowing execution of arbitrary shell commands. The issue is fixed in v0.43.4 by rejecting absolute or parent-directory paths and verifying that the resolved path remains within the pipeline directory.

Potential Impact

An attacker able to influence melange configuration files can cause melange to load and execute arbitrary pipeline definitions from outside the intended directory. This leads to execution of arbitrary shell commands within the build sandbox, potentially bypassing review boundaries and executing unauthorized code during builds. The CVSS score of 6.1 reflects a medium severity with high confidentiality impact but limited integrity and no availability impact. There are no known exploits in the wild as of the published date.

Mitigation Recommendations

A fix is available in melange version 0.43.4 which rejects pipeline[].uses values containing '..' or absolute paths and verifies resolved paths remain within the pipeline directory. Until upgrading, only run melange builds against configuration files from trusted sources. In CI systems that build user-supplied melange configs, implement manual review of pipeline[].uses values and reject any containing '..' or leading '/'.


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-03-03T17:50:11.243Z
CVSS Version: 3.1
State: PUBLISHED
Remediation Level: null

Threat ID: 69eab7a187115cfb68850e18

Added to database: 4/24/2026, 12:21:53 AM

Last enriched: 5/1/2026, 8:39:42 PM

Last updated: 6/7/2026, 8:27:32 AM
