GHSA-79QW-G77V-2VFH

Vulnerability from github – Published: 2026-04-22 17:44 – Updated: 2026-04-22 17:44
Summary
Inspektor Gadget: Command Injection via malicious buildOptions manipulation
Details

Impacted Resources

  • inspektor-gadget/cmd/common/image/build.go
  • inspektor-gadget/cmd/common/image/helpers/Makefile.build

Description

The ig binary provides a subcommand for image building, used to generate custom gadget OCI images.

A part of this functionality is implemented in the file inspektor-gadget/cmd/common/image/build.go.

The following is the code responsible for constructing the build command:

// buildCmd assembles the argv for make. Each option value is concatenated into a
// VAR=value argument as-is; Makefile.build later expands these variables inside
// recipes that are executed by sh, so nothing is escaped on the way.
func buildCmd(options buildOptions) []string {
    cmd := []string{
        "make", "-f", filepath.Join(options.outputDir, "Makefile.build"),
        "-j", fmt.Sprintf("%d", runtime.NumCPU()),
        "OUTPUTDIR=" + options.outputDir,
        "CFLAGS=" + options.cFlags, // taken from build.yaml, passed through unsanitized
        "FORCE_COLORS=" + options.forceColorsFlag,
    }

    if options.ebpfSourcePath != "" {
        cmd = append(cmd, "EBPFSOURCE="+options.ebpfSourcePath, "ebpf")
    }
    if options.wasmSourcePath != "" {
        cmd = append(cmd, "WASM="+options.wasmSourcePath, "wasm")
    }
    if options.btfgen {
        cmd = append(cmd, "BTFHUB_ARCHIVE="+options.btfHubArchivePath, "btfgen")
    }

    return cmd
}

The Makefile.build file is the Makefile template employed during the building process.

This file embeds user-controlled data unsafely: several parameters are interpolated into the commands inside the Makefile without adequate escaping.

This implementation is therefore vulnerable to command injection: an attacker able to control values in the buildOptions structure can execute arbitrary commands during the build.

Impact

An attacker able to exploit this vulnerability would be able to execute arbitrary commands:

  • on the Linux host where the ig command is launched, if images are built with the --local flag
  • on the build container invoked by ig, if the --local flag is not provided

Attack Complexity

The buildOptions structure is extracted from the YAML gadget manifest (https://inspektor-gadget.io/docs/latest/gadget-devel/building#customizing-your-build) passed to the ig image build command. Therefore, the attacker would need a way to control either the full build.yml file passed to the ig image build command, or one of its options.

Typically, this could happen in a CI/CD scenario that builds untrusted gadgets to verify correctness.

PoC

  1. Create the file build.yaml with the following content:

       ebpfsource: "program.bpf.c"
       metadata: "gadget.yaml"
       cflags: " ; touch poc.txt ; "

  2. Create the file gadget.yaml with the following content:

       name: test
       description: test gadget

  3. Create the file program.bpf.c with the following content:

       #include <gadget/gadget.h>
       char LICENSE[] SEC("license") = "GPL";

  4. In the same directory where the files are, run the command:

       ig image build . -t test:latest

  5. Notice that the file poc.txt gets created inside the directory.

Suggested Remediation

Sanitize build options by validating them against a strict whitelist. Alternatively, revisit the design of image building so that option values never undergo shell substitution.
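The allowlist check below is an added example, written for this page in Go with hypothetical names (validateCFlags, validateBuildOptions, safeFlag, safePath); it is not the project's own fix and the referenced commit may take a different approach. It validates the cflags and source path values from build.yaml before buildCmd assembles the make command line, rejecting the PoC value while accepting ordinary compiler flags.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Allowlists written for this example: every accepted character is inert for both
// make and sh, so a value can neither start a shell command nor trigger a make $(...) expansion.
var (
	safeFlag = regexp.MustCompile(`^-[A-Za-z0-9_][A-Za-z0-9_+./=:,-]*$`)
	safePath = regexp.MustCompile(`^[A-Za-z0-9_.][A-Za-z0-9_./-]*$`)
)

// Subset of the advisory's buildOptions fields that reach Makefile.build.
type buildOptions struct {
	cFlags         string
	ebpfSourcePath string
}

// validateCFlags splits the untrusted cflags value from build.yaml on whitespace and
// accepts it only if every token is a plain compiler flag; the error names the first offender.
func validateCFlags(cflags string) ([]string, error) {
	tokens := strings.Fields(cflags)
	for _, t := range tokens {
		if !safeFlag.MatchString(t) {
			return nil, fmt.Errorf("cflags: token %q is not an allowlisted compiler flag", t)
		}
	}
	return tokens, nil
}

// validateBuildOptions is the check to run before buildCmd. An empty path passes
// because the matching make target is then simply not requested.
func validateBuildOptions(o buildOptions) error {
	if _, err := validateCFlags(o.cFlags); err != nil {
		return err
	}
	if o.ebpfSourcePath != "" && !safePath.MatchString(o.ebpfSourcePath) {
		return fmt.Errorf("ebpfsource: %q contains characters not allowed in a path", o.ebpfSourcePath)
	}
	return nil
}

func main() {
	// Constructed inputs: the advisory's PoC cflags value, then a benign flag set.
	fmt.Println(validateBuildOptions(buildOptions{cFlags: " ; touch poc.txt ; ", ebpfSourcePath: "program.bpf.c"}))
	fmt.Println(validateBuildOptions(buildOptions{cFlags: "-O2 -g -DDEBUG=1", ebpfSourcePath: "program.bpf.c"}))
}
```

Rejecting rather than escaping keeps the check independent of how Makefile.build quotes its recipes, which is the safer choice when the same value is expanded by both make and sh.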

Resources

  • https://cwe.mitre.org/data/definitions/77.html
  • https://cwe.mitre.org/data/definitions/78.html

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/inspektor-gadget/inspektor-gadget"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.48.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-24905"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-22T17:44:22Z",
    "nvd_published_at": "2026-01-29T22:15:55Z",
    "severity": "MODERATE"
  },
  "id": "GHSA-79qw-g77v-2vfh",
  "modified": "2026-04-22T17:44:22Z",
  "published": "2026-04-22T17:44:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-79qw-g77v-2vfh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24905"
    },
    {
      "type": "WEB",
      "url": "https://github.com/inspektor-gadget/inspektor-gadget/commit/7c83ad84ff7a68565655253e2cf1c5d2da695c1a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/inspektor-gadget/inspektor-gadget"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Inspektor Gadget: Command Injection via malicious buildOptions manipulation"
}