CVE-2026-33211: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in tektoncd pipeline
CVE-2026-33211 is a critical path traversal vulnerability in Tekton Pipelines' git resolver affecting multiple versions prior to patched releases. It allows a tenant with permission to create ResolutionRequests to read arbitrary files from the resolver pod's filesystem by manipulating the pathInRepo parameter. This can lead to exposure of sensitive data such as ServiceAccount tokens, with file contents returned base64-encoded in the resolution request status. The vulnerability requires low attack complexity and no user interaction but does require privileges to create TaskRuns or PipelineRuns. Patched versions 1.0.1, 1.3.3, 1.6.
AI Analysis
Technical Summary
Tekton Pipelines is a Kubernetes-native framework for defining CI/CD pipelines. The vulnerability identified as CVE-2026-33211 is a path traversal flaw (CWE-22) in the git resolver component of Tekton Pipelines. Specifically, the git resolver uses a parameter called pathInRepo to specify paths within a git repository. In affected versions (>=1.0.0 and prior to 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2), this parameter is improperly sanitized, allowing an attacker with permission to create ResolutionRequests (typically via creating TaskRuns or PipelineRuns that use the git resolver) to traverse outside the intended directory boundaries. By exploiting this, an attacker can read arbitrary files on the resolver pod's filesystem, including sensitive files such as ServiceAccount tokens. The contents of these files are returned base64-encoded in the resolutionrequest.status.data field, enabling exfiltration of secrets. The vulnerability has a CVSS v3.1 score of 9.6 (critical), reflecting its high impact on confidentiality and integrity, low attack complexity, and the fact that it requires privileges to create pipeline runs but no user interaction. No known exploits in the wild have been reported yet, but the risk is significant due to the sensitive nature of the data exposed. The issue is fixed in versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 by properly restricting path traversal in the pathInRepo parameter.
Potential Impact
The vulnerability allows attackers with limited permissions to read arbitrary files on the resolver pod, including Kubernetes ServiceAccount tokens. This can lead to unauthorized access to cluster resources, privilege escalation, and lateral movement within the Kubernetes environment. Exposure of ServiceAccount tokens can compromise the integrity and confidentiality of the CI/CD pipeline and the underlying infrastructure. Organizations relying on Tekton Pipelines for automated builds and deployments risk data leakage, pipeline sabotage, and potential full cluster compromise if attackers leverage stolen tokens. The impact is critical for organizations using affected versions, especially in multi-tenant or shared cluster environments where attackers may have limited initial privileges but can escalate via this flaw.
Mitigation Recommendations
1. Immediately upgrade Tekton Pipelines to one of the patched versions: 1.0.1, 1.3.3, 1.6.1, 1.9.2, or 1.10.2.
2. Restrict permissions to create TaskRuns and PipelineRuns that use the git resolver to trusted users only, minimizing the attack surface.
3. Audit existing ResolutionRequests and pipeline runs for suspicious pathInRepo parameters or unexpected base64-encoded data in resolutionrequest.status.data.
4. Implement Kubernetes RBAC policies to limit access to resolver pods and ServiceAccount tokens.
5. Monitor logs and network traffic for signs of exploitation attempts or unusual file access patterns.
6. Consider isolating CI/CD workloads in dedicated namespaces or clusters with minimal privileges.
7. Rotate ServiceAccount tokens and credentials if compromise is suspected.
8. Review and harden pod security policies to restrict filesystem access where possible.
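The audit in step 3 can be scripted. The following is an added example, not code from the Tekton project or from this advisory: it walks ResolutionRequest-like objects (the spec.params name/value list and status.data layout are assumed, and the sample objects are constructed inline), flags any pathInRepo value that would resolve outside the repository root, and flags status.data payloads that decode to a JWT-shaped value, which is what a leaked ServiceAccount token would look like.

```python
import base64
import posixpath

# Constructed sample objects. The spec.params / status.data layout is an
# assumption about how ResolutionRequests are shaped, not taken from the page.
SAMPLE_REQUESTS = [
    {"name": "ok-build", "spec": {"params": [
        {"name": "url", "value": "https://git.example.invalid/repo.git"},
        {"name": "pathInRepo", "value": "tasks/../tasks/build.yaml"}]},
     "status": {"data": base64.b64encode(b"kind: Task\n").decode()}},
    {"name": "dotdot", "spec": {"params": [
        {"name": "pathInRepo", "value": "tasks/../../../../etc/hostname"}]},
     "status": {}},
    {"name": "absolute", "spec": {"params": [
        {"name": "pathInRepo", "value": "/etc/hostname"}]},
     # constructed JWT-shaped payload standing in for a leaked token
     "status": {"data": base64.b64encode(
         b"eyJhbGciOiJSUzI1NiJ9.constructed.signature").decode()}},
]


def path_escapes_repo(path_in_repo: str) -> bool:
    """True if pathInRepo would resolve outside the checked-out repo root.

    Lexical check only: symlinks inside the checkout are not considered.
    """
    if path_in_repo.startswith("/"):
        return True
    norm = posixpath.normpath(path_in_repo)
    return norm == ".." or norm.startswith("../")


def looks_like_sa_token(status_data_b64: str) -> bool:
    """Heuristic: projected ServiceAccount tokens are JWTs, which start 'eyJ'."""
    try:
        decoded = base64.b64decode(status_data_b64, validate=True)
    except ValueError:
        return False
    return decoded.startswith(b"eyJ")


def audit(requests):
    """Return (request name, finding) pairs for anything worth a closer look."""
    findings = []
    for rr in requests:
        params = {p["name"]: p["value"]
                  for p in rr.get("spec", {}).get("params", [])}
        path = params.get("pathInRepo")
        if path is not None and path_escapes_repo(path):
            findings.append((rr["name"], f"pathInRepo escapes repo root: {path!r}"))
        data = rr.get("status", {}).get("data")
        if data and looks_like_sa_token(data):
            findings.append((rr["name"], "status.data decodes to a JWT-shaped value"))
    return findings
```

On a live cluster the same functions can be fed the output of `kubectl get resolutionrequests -A -o json` (items list), which is how the page's step 3 would be carried out in practice.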
Affected Countries
United States, Germany, Japan, United Kingdom, Canada, Australia, Netherlands, France, India, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-17T23:23:58.313Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69c1e5e3f4197a8e3bb3f17b
Added to database: 3/24/2026, 1:16:19 AM
Last enriched: 3/24/2026, 1:31:13 AM
Last updated: 3/24/2026, 2:18:18 AM