Zarf is an airgap-native package manager designed for Kubernetes environments, facilitating offline package deployment. Between versions 0.54.0 and before 0.73.1, Zarf's archive extraction mechanism contains a path traversal vulnerability (CWE-22). Specifically, when extracting archives from Zarf packages, the software fails to properly restrict pathname resolution, allowing specially crafted packages to create symbolic links that point outside the designated extraction directory. This flaw enables attackers to manipulate file paths to read or write arbitrary files on the host system where the package is processed. The vulnerability does not require prior authentication or elevated privileges but does require user interaction to process the malicious package. The CVSS v3.1 score is 8.2 (high), reflecting the significant impact on confidentiality and integrity, with a local attack vector and low attack complexity. The vulnerability has been addressed in Zarf version 0.73.1 by implementing proper pathname validation and symlink handling during archive extraction. No public exploits or active exploitation campaigns have been reported, but the potential for serious system compromise exists if exploited.

Successful exploitation of this vulnerability can lead to unauthorized disclosure and modification of sensitive files on systems running vulnerable Zarf versions. This compromises confidentiality and integrity, potentially allowing attackers to alter configuration files, inject malicious code, or exfiltrate sensitive data. Since Zarf is used in Kubernetes air-gapped environments, which often manage critical infrastructure or sensitive workloads, the impact can be severe, including disruption of container orchestration, deployment of malicious containers, or lateral movement within isolated networks. The vulnerability does not directly affect availability but could indirectly cause service disruption through system compromise. Organizations relying on Zarf for secure package management in Kubernetes clusters face increased risk of supply chain attacks and insider threats if this vulnerability is exploited.

Organizations should immediately upgrade all Zarf deployments to version 0.73.1 or later, where the vulnerability is patched. Until upgrades can be performed, restrict access to systems processing Zarf packages to trusted personnel only and validate all packages before processing. Implement strict file system monitoring and integrity checks on directories used for package extraction to detect unauthorized file modifications or symlink creations. Employ sandboxing or container isolation when processing untrusted packages to limit potential damage. Additionally, incorporate digital signature verification for Zarf packages to ensure authenticity and integrity before extraction. Regularly audit and review package sources and deployment workflows to minimize exposure to malicious packages. Finally, maintain up-to-date incident response plans to quickly address any suspected exploitation.