CVE-2026-28406Chainguard · Kaniko
Vulnerability data via NVD (ingested)
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this can be chained with docker credential helpers to achieve code execution within the executor process. Version 1.25.10 uses securejoin for path resolution in tar extraction.
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2026-28406product:"Chainguard Kaniko"http.html:"Kaniko"More intel sources (5)
vuln:CVE-2026-28406vulnerabilities.cve_id: CVE-2026-28406CVE-2026-28406CVE-2026-28406"CVE-2026-28406" exploit -site:nvd.nist.gov