CVE-2026-29064: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in zarf-dev zarf
Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package. This issue has been patched in version 0.73.1.
AI Analysis
Technical Summary
CVE-2026-29064 is a path traversal vulnerability classified under CWE-22 found in the Zarf package manager, a tool designed to facilitate air-gapped Kubernetes deployments by managing packages natively. The vulnerability exists in the archive extraction process of Zarf versions 0.54.0 through 0.73.0, where specially crafted packages can include symbolic links that point outside the designated extraction directory. This improper limitation of the pathname allows an attacker to bypass directory restrictions and perform arbitrary file read or write operations on the host system processing the package. Since Zarf is used to deploy software in isolated Kubernetes environments, this vulnerability could be leveraged to manipulate critical files, potentially leading to unauthorized disclosure or modification of sensitive data. The attack vector is local (AV:L), attack complexity is low (AC:L), no privileges are required (PR:N), but user interaction (UI:R) is required to process the malicious package. The scope is changed (S:C) because the vulnerability can affect resources beyond the initially targeted component. The CVSS v3.1 base score is 8.2, reflecting high severity due to the potential impact on confidentiality and integrity. The issue was patched in version 0.73.1, and no known exploits have been reported in the wild as of the publication date. The vulnerability highlights the importance of secure archive extraction and validation in package management tools, especially those used in sensitive air-gapped Kubernetes environments.
Potential Impact
The vulnerability poses a significant risk to organizations deploying Kubernetes clusters using Zarf versions prior to 0.73.1. Exploitation can lead to unauthorized reading or modification of arbitrary files on the host system, potentially exposing sensitive configuration files, credentials, or other critical data. This can compromise the confidentiality and integrity of the affected systems and may facilitate further attacks such as privilege escalation or lateral movement within the network. Since Zarf is designed for air-gapped environments, which often handle sensitive or classified workloads, the impact is amplified in sectors like government, defense, and critical infrastructure. The requirement for user interaction and local access somewhat limits remote exploitation, but insider threats or compromised build pipelines could leverage this flaw. The absence of known exploits in the wild reduces immediate risk but does not eliminate it, especially as attackers may develop exploits following disclosure. Organizations failing to patch may face data breaches, operational disruptions, and loss of trust.
Mitigation Recommendations
To mitigate this vulnerability, organizations should upgrade Zarf to version 0.73.1 or later, where the path traversal issue has been fixed. Until upgrading is possible, implement strict validation of all Zarf packages before processing, including verifying package integrity and source authenticity. Employ sandboxing or containerization techniques to isolate the extraction process, limiting the potential impact of malicious packages. Monitor file system changes during package extraction to detect unauthorized modifications outside expected directories. Restrict access to systems running Zarf to trusted personnel only and enforce the principle of least privilege to minimize the risk from local attackers. Additionally, incorporate security scanning tools that can detect path traversal patterns in package contents. Regularly audit Kubernetes deployment pipelines and air-gapped environments for signs of compromise or anomalous activity related to package management.
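The technical summary above describes the defect class (symlink entries in an archive resolving outside the extraction directory) and the mitigation section recommends scanning package contents for path traversal patterns before processing. The following Go program is an added example, not Zarf's own code and not the patch shipped in 0.73.1; it shows the check a tar extractor needs to apply to every entry, and runs it as a read-only scanner over a constructed in-memory archive. The destination path `/opt/zarf/tmp`, the entry names and the function names are all assumptions made for the example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// Finding records one archive entry that the check rejected and why.
type Finding struct {
	Name   string
	Reason string
}

// withinDir reports whether the cleaned absolute path p is dest itself or
// lies beneath it. The comparison is lexical, so dest must already be cleaned.
func withinDir(dest, p string) bool {
	rel, err := filepath.Rel(dest, p)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// entryPath returns where a regular entry would land, or an error if the
// entry name walks out of dest (for example "../escape.txt").
func entryPath(dest, name string) (string, error) {
	p := filepath.Join(dest, name) // Join cleans, so ".." components collapse
	if !withinDir(dest, p) {
		return "", fmt.Errorf("entry %q resolves to %s outside %s", name, p, dest)
	}
	return p, nil
}

// symlinkTarget returns where a symlink entry would point once created, or an
// error if that location is outside dest. Relative targets are resolved
// against the symlink's own parent directory; absolute targets are taken as-is.
func symlinkTarget(dest, name, target string) (string, error) {
	linkPath, err := entryPath(dest, name)
	if err != nil {
		return "", err
	}
	resolved := filepath.Clean(target)
	if !filepath.IsAbs(target) {
		resolved = filepath.Join(filepath.Dir(linkPath), target)
	}
	if !withinDir(dest, resolved) {
		return "", fmt.Errorf("symlink %q -> %q resolves to %s outside %s", name, target, resolved, dest)
	}
	return resolved, nil
}

// scanArchive walks a tar stream and returns every entry that would escape
// dest. It writes nothing to disk; an extractor would run the same checks
// before creating each entry.
func scanArchive(dest string, data []byte) ([]Finding, error) {
	dest = filepath.Clean(dest)
	var findings []Finding
	tr := tar.NewReader(bytes.NewReader(data))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return findings, nil
		}
		if err != nil {
			return findings, err
		}
		var checkErr error
		switch hdr.Typeflag {
		case tar.TypeSymlink:
			_, checkErr = symlinkTarget(dest, hdr.Name, hdr.Linkname)
		case tar.TypeLink: // hard-link targets are archive-relative names
			_, checkErr = entryPath(dest, hdr.Linkname)
		default:
			_, checkErr = entryPath(dest, hdr.Name)
		}
		if checkErr != nil {
			findings = append(findings, Finding{hdr.Name, checkErr.Error()})
		}
	}
}

// buildSampleArchive constructs an in-memory tar (constructed test data, not a
// real Zarf package) mixing benign entries with the kinds the check rejects.
func buildSampleArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	add := func(h *tar.Header, body string) {
		h.Size = int64(len(body))
		_ = tw.WriteHeader(h)
		_, _ = tw.Write([]byte(body))
	}
	add(&tar.Header{Name: "manifests/app.yaml", Typeflag: tar.TypeReg, Mode: 0o644}, "kind: Deployment\n")
	add(&tar.Header{Name: "manifests/latest", Typeflag: tar.TypeSymlink, Linkname: "app.yaml"}, "")
	add(&tar.Header{Name: "evil-rel", Typeflag: tar.TypeSymlink, Linkname: "../../../etc/passwd"}, "")
	add(&tar.Header{Name: "evil-abs", Typeflag: tar.TypeSymlink, Linkname: "/etc/shadow"}, "")
	add(&tar.Header{Name: "../escape.txt", Typeflag: tar.TypeReg, Mode: 0o644}, "x\n")
	_ = tw.Close()
	return buf.Bytes()
}

func main() {
	findings, err := scanArchive("/opt/zarf/tmp", buildSampleArchive())
	if err != nil {
		fmt.Println("scan error:", err)
	}
	for _, f := range findings {
		fmt.Println("REJECT", f.Name+":", f.Reason)
	}
}
```

The check is lexical, which is sufficient only because every symlink is validated before it is created; if an extractor creates symlinks first and validates files later, a file entry can be written through a link that already points outside the destination. An extractor that cannot guarantee that ordering should additionally resolve the parent directory of each entry with `filepath.EvalSymlinks` after creation and re-run `withinDir` on the result.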
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, South Korea, Netherlands, Israel
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-03T20:51:43.482Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69ab014fc48b3f10ffac9b5a
Added to database: 3/6/2026, 4:31:11 PM
Last enriched: 3/6/2026, 4:45:24 PM
Last updated: 3/7/2026, 7:25:56 AM