JustAppSec

Tekton git resolver path traversal exposes resolver pod secrets

Published 23 Mar 2026 · Updated 23 Mar 2026 · Source: CVEProject (cvelistV5)

TL;DR — Tekton Pipelines’ git resolver has a critical path traversal that can let a tenant read arbitrary files from the resolver pod (including ServiceAccount tokens) by abusing pathInRepo.

What happened

Tekton Pipelines is a Kubernetes-native CI/CD framework for defining and running pipeline tasks as cluster resources.

CVE-2026-33211 describes a critical path traversal in the Tekton Pipelines git resolver via the pathInRepo parameter. A tenant who can create ResolutionRequests (for example through TaskRuns / PipelineRuns that use the git resolver) can read arbitrary files from the resolver pod’s filesystem, and the file contents are returned base64-encoded in resolutionrequest.status.data.

Severity is CVSS v3.1 9.6 (Critical). This is a high-priority CI/CD issue because resolver pods commonly run with access to Kubernetes credentials and build-time secrets; turning “fetch build inputs” into “read arbitrary pod files” is a direct pipeline-to-cluster trust-boundary break.

Who is impacted

  • Tekton Pipelines deployments using the git resolver.
  • Tenants/users who can influence git resolver inputs via ResolutionRequests.
  • Affected versions and patch lines (per the CVE record):

    Tekton Pipelines line | Affected versions (per CVE record) | Patched versions (per CVE record)
    1.0.x                 | >= 1.0.0, < 1.0.1                  | 1.0.1
    1.1.x–1.3.x           | >= 1.1.0, < 1.3.3                  | 1.3.3
    1.4.x–1.6.x           | >= 1.4.0, < 1.6.1                  | 1.6.1
    1.7.x–1.9.x           | >= 1.7.0, < 1.9.2                  | 1.9.2
    1.10.x                | >= 1.10.0, < 1.10.2                | 1.10.2

What to do now

  • Follow upstream remediation guidance and move to a patched release line listed in the CVE record.

    "Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch."

  • Inventory clusters running Tekton Pipelines and determine whether the git resolver is enabled/used by untrusted tenants.
  • Reduce exposure by tightening who can create or trigger TaskRuns, PipelineRuns, and ResolutionRequests that invoke the git resolver.
  • If compromise is suspected, treat this as a credential exposure scenario: review usage of resolver-related ServiceAccounts and rotate any credentials/secrets that may be readable by the resolver pod filesystem.
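As an added illustration (not Tekton's own code and not the upstream fix), the Go below shows the kind of containment check a reviewer would expect on pathInRepo, plus an audit that flags ResolutionRequest-like records whose pathInRepo would escape the checkout directory. The record type, the JSON field names and the checkout root are assumptions, and the sample records are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
	"strings"
)

// resolutionRequest is a minimal, hypothetical projection; not Tekton's own type.
type resolutionRequest struct {
	Name   string            `json:"name"`
	Params map[string]string `json:"params"`
}

// safePathInRepo reports whether pathInRepo, cleaned and joined to the checkout root, still resolves inside that root.
func safePathInRepo(root, pathInRepo string) bool {
	if pathInRepo == "" || filepath.IsAbs(pathInRepo) {
		return false
	}
	full := filepath.Join(root, pathInRepo) // Join also cleans ".." segments
	rel, err := filepath.Rel(root, full)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// auditResolutionRequests parses a JSON list of such records and returns the names of those whose pathInRepo escapes the checkout.
func auditResolutionRequests(raw []byte, root string) ([]string, error) {
	var reqs []resolutionRequest
	if err := json.Unmarshal(raw, &reqs); err != nil {
		return nil, err
	}
	var hits []string
	for _, r := range reqs {
		// records without pathInRepo belong to another resolver and are skipped
		if p, ok := r.Params["pathInRepo"]; ok && !safePathInRepo(root, p) {
			hits = append(hits, r.Name)
		}
	}
	return hits, nil
}

// sample is constructed input, not data captured from a real cluster.
const sample = `[{"name":"rr-ok","params":{"pathInRepo":"tasks/build.yaml"}},
 {"name":"rr-dotdot","params":{"pathInRepo":"../../etc/hostname"}},
 {"name":"rr-abs","params":{"pathInRepo":"/etc/hostname"}}]`

func main() {
	hits, err := auditResolutionRequests([]byte(sample), "/tmp/checkout")
	fmt.Println(hits, err) // [rr-dotdot rr-abs] <nil>
}
```

The same check can be run against `kubectl get resolutionrequests -A -o json` output once the records are projected into the assumed shape.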
