CVE-2026-28406

[mzihlmann]

Actual behavior
kaniko unpacks build context archives using filepath.Join(dest, cleanedName) without enforcing that the final path stays within dest. A tar entry like ../outside.txt escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, or when running via tini, this can be chained with external helper binaries to achieve code execution within the executor process.

Mitigation:
You can strip external helper binaries from the image, you don't need them for registry authentication, even for ECR and others

[mzihlmann]

GHSA-6rxq-q92g-4rmf

[mzihlmann]

Actually this is insecure on the same level, and not more than, as FROM ubuntu is insecure. kaniko doesn't run with more permissions than any other binary in the container, docker image build (with RUN) is fundamentally RCE as a service, so RCE is to be expected. That's exactly why kaniko runs without privileges. Of course it is not nice that the helper binaries can be hijacked and I will resolve this issue, but unlike buildkit and others, that doesn't change the security posture the slighest.

kaniko protects your servers, not your payload. That's the trade-off between buildkit & kaniko. And servers are not affected by this CVE only payload is, but that was never secure in the first place and will not be secured by this fix.