GHSA-PJ97-4P9W-GX3Q

Vulnerability from github – Published: 2026-04-14 22:32 – Updated: 2026-04-14 22:32
Summary
Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write
Details

Impact

This vulnerability impacts users who run zarf package inspect sbom or zarf package inspect documentation on untrusted packages.

Patches

#4793, now fixed in version v0.74.2

Workarounds

Avoid inspecting unsigned packages

Description

The package inspect sbom and package inspect documentation subcommands construct output file paths by joining a user-controlled output directory with the package's Metadata.Name field, which is attacker-controlled data read from the package archive. The Metadata.Name field is validated against a regex, ^[a-z0-9][a-z0-9\-]*$, when a package is created. However, a malicious user could unarchive a package and change both the .Metadata.Name field and the files inside the SBOMS.tar, so the create-time check never sees the modified name. This would lead to an arbitrary file write in a location of the attacker's choosing.

Neither location sanitizes or validates the package name before using it in the file path.

SBOM inspection:

outputPath := filepath.Join(o.outputDir, pkgLayout.Pkg.Metadata.Name)
err = pkgLayout.GetSBOM(ctx, outputPath)

Documentation inspection (line 1219):

outputPath := filepath.Join(o.outputDir, fmt.Sprintf("%s-documentation", pkgLayout.Pkg.Metadata.Name))
return pkgLayout.GetDocumentation(ctx, outputPath, o.keys)

pkgLayout.Pkg.Metadata.Name is read directly from the untrusted package's zarf.yaml manifest. An attacker can craft a malicious Zarf package where Metadata.Name contains path traversal sequences or root paths such as ../../etc/cron.d/malicious or /home/user/.ssh/authorized_keys.
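
The unvalidated join described above, next to one way to harden it, as an added Go example (not code from the Zarf project or from the fix in #4793). The helper names unsafeOutputPath, withinDir and safeOutputPath, the /tmp/out directory and the my-package name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Pattern the advisory says is enforced at package creation time.
var pkgNameRe = regexp.MustCompile(`^[a-z0-9][a-z0-9\-]*$`)

// unsafeOutputPath mirrors the join quoted in the advisory: no validation.
func unsafeOutputPath(outputDir, name string) string {
	return filepath.Join(outputDir, name)
}

// withinDir reports whether target is base itself or lies beneath it.
// filepath.Rel avoids the prefix trap where /tmp/outside "starts with" /tmp/out.
func withinDir(base, target string) bool {
	rel, err := filepath.Rel(base, target)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// safeOutputPath (hypothetical helper) re-validates the name when the package
// is read, then confirms the joined path is still contained in outputDir.
func safeOutputPath(outputDir, name, suffix string) (string, error) {
	if !pkgNameRe.MatchString(name) {
		return "", fmt.Errorf("invalid package name %q", name)
	}
	base, err := filepath.Abs(outputDir)
	if err != nil {
		return "", err
	}
	out := filepath.Join(base, name+suffix)
	if !withinDir(base, out) {
		return "", fmt.Errorf("output path %q escapes %q", out, base)
	}
	return out, nil
}

func main() {
	// Constructed inputs: one well-formed name and the traversal string quoted in the advisory.
	for _, n := range []string{"my-package", "../../etc/cron.d/malicious"} {
		p, err := safeOutputPath("/tmp/out", n, "")
		fmt.Printf("%q: unsafe=%q hardened=%q err=%v\n", n, unsafeOutputPath("/tmp/out", n), p, err)
	}
}
```

The name check alone rejects both strings quoted in the advisory; the containment check is a second layer that still holds if the name rule is ever relaxed.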

CVSS Explanations

Attack Vector

Verdict: Network
A malicious package could be published to OCI and inspected directly with zarf package inspect sbom oci://<bad-package>.

Attack Complexity

Verdict: Low
It is not complicated to make and publish a malicious package. The attacker only needs to edit the zarf.yaml and sboms.tar, then edit the checksums.

Privileges Required

Verdict: None
The attacker is relying on the runner of zarf package inspect sbom|documentation and needs no other privileges.

User Interaction

Verdict: Required
The user must run the inspect command.

Scope

Verdict: Unchanged
The vulnerability operates entirely within the permissions of the user running zarf package inspect. The file write can't escape the privilege boundary of that user.

Confidentiality

Verdict: None
This is an arbitrary file write vulnerability. The attacker can place or overwrite files on the filesystem but the vulnerability does not provide any mechanism to read or exfiltrate data from the target system.

Integrity

Verdict: High
The attacker controls both the file path (via Metadata.Name) and the file content (via the SBOM or documentation files inside the archive). This allows writing attacker-controlled content to arbitrary locations on the filesystem, limited only by the permissions of the user running the inspect command. Realistic exploitation includes writing SSH authorized_keys, cron jobs, or shell profiles.

Availability

Verdict: Low
The vulnerability does not directly target service availability. However, an attacker could overwrite files that cause system disruption.


{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/zarf-dev/zarf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.23.0"
            },
            {
              "fixed": "0.74.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40090"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-14T22:32:53Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "id": "GHSA-pj97-4p9w-gx3q",
  "modified": "2026-04-14T22:32:53Z",
  "published": "2026-04-14T22:32:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/zarf-dev/zarf/security/advisories/GHSA-pj97-4p9w-gx3q"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zarf-dev/zarf/pull/4793"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zarf-dev/zarf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Zarf has a Path Traversal via Malicious Package Metadata.Name \u2014 Arbitrary File Write"
}

