CVE-2026-40938 | tektoncd pipeline up to 1.11.0 validateRepoURL argument injection (GHSA-94jr-7pqp-xhcq)

Inserito da Angelo Barbosa | Apr 22, 2026 | CVE

A vulnerability was found in tektoncd pipeline up to 1.11.0. It has been declared as critical. Affected is the function validateRepoURL. Such manipulation leads to argument injection.

This vulnerability is uniquely identified as CVE-2026-40938. The attack can be launched remotely. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-40938 | tektoncd pipeline up to 1.11.0 validateRepoURL argument injection (GHSA-94jr-7pqp-xhcq)

Post correlati

CVE-2026-28791 | tinacms up to 2.1.6 media.ts join path traversal (GHSA-5hxf-c7j4-279c)

CVE-2024-56041 | VibeBP Plugin sql injection

CVE-2026-4254 | Tenda AC8 up to 16.03.50.11 HTTP Endpoint /goform/SysToolChangePwd doSystemCmd local_2c stack-based overflow

CVE-2026-1483 | Quatuor Evaluación de Desempeño evaluacion_objetivos_ver_auto.aspx Id_usuario sql injection