CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25542

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a match if the pattern matches anywhere in the string, so common unanchored patterns (including examples in tekton documentation) can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This can cause an unintended policy match and change which verification mode/keys apply. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.0%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2026-25542

Linuxfoundation » Tekton Pipelines » Version: 0.43.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.43.0
Linuxfoundation » Tekton Pipelines » Version: 0.43.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.43.1
Linuxfoundation » Tekton Pipelines » Version: 0.43.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.43.2
Linuxfoundation » Tekton Pipelines » Version: 0.44.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.44.0
Linuxfoundation » Tekton Pipelines » Version: 0.44.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.44.2
Linuxfoundation » Tekton Pipelines » Version: 0.44.3

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.44.3
Linuxfoundation » Tekton Pipelines » Version: 0.44.4

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.44.4
Linuxfoundation » Tekton Pipelines » Version: 0.45.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.45.0
Linuxfoundation » Tekton Pipelines » Version: 0.46.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.46.0
Linuxfoundation » Tekton Pipelines » Version: 0.47.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.47.0
Linuxfoundation » Tekton Pipelines » Version: 0.47.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.47.1
Linuxfoundation » Tekton Pipelines » Version: 0.47.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.47.2
Linuxfoundation » Tekton Pipelines » Version: 0.47.3

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.47.3
Linuxfoundation » Tekton Pipelines » Version: 0.48.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.48.0
Linuxfoundation » Tekton Pipelines » Version: 0.49.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.49.0
Linuxfoundation » Tekton Pipelines » Version: 0.50.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.50.0
Linuxfoundation » Tekton Pipelines » Version: 0.50.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.50.1
Linuxfoundation » Tekton Pipelines » Version: 0.50.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.50.2
Linuxfoundation » Tekton Pipelines » Version: 0.50.3

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.50.3
Linuxfoundation » Tekton Pipelines » Version: 0.50.4

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.50.4
Linuxfoundation » Tekton Pipelines » Version: 0.50.5

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.50.5
Linuxfoundation » Tekton Pipelines » Version: 0.50.6

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.50.6
Linuxfoundation » Tekton Pipelines » Version: 0.51.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.51.0
Linuxfoundation » Tekton Pipelines » Version: 0.52.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.52.0
Linuxfoundation » Tekton Pipelines » Version: 0.52.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.52.1
Linuxfoundation » Tekton Pipelines » Version: 0.53.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.53.0
Linuxfoundation » Tekton Pipelines » Version: 0.53.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.53.1
Linuxfoundation » Tekton Pipelines » Version: 0.53.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.53.2
Linuxfoundation » Tekton Pipelines » Version: 0.53.3

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.53.3
Linuxfoundation » Tekton Pipelines » Version: 0.53.4

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.53.4
Linuxfoundation » Tekton Pipelines » Version: 0.53.5

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.53.5
Linuxfoundation » Tekton Pipelines » Version: 0.53.6

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.53.6
Linuxfoundation » Tekton Pipelines » Version: 0.53.7

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.53.7
Linuxfoundation » Tekton Pipelines » Version: 0.53.8

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.53.8
Linuxfoundation » Tekton Pipelines » Version: 0.53.9

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.53.9
Linuxfoundation » Tekton Pipelines » Version: 0.54.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.54.0
Linuxfoundation » Tekton Pipelines » Version: 0.54.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.54.1
Linuxfoundation » Tekton Pipelines » Version: 0.54.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.54.2
Linuxfoundation » Tekton Pipelines » Version: 0.55.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.55.0
Linuxfoundation » Tekton Pipelines » Version: 0.56.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.56.0
Linuxfoundation » Tekton Pipelines » Version: 0.56.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.56.1
Linuxfoundation » Tekton Pipelines » Version: 0.56.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.56.2
Linuxfoundation » Tekton Pipelines » Version: 0.56.3

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.56.3
Linuxfoundation » Tekton Pipelines » Version: 0.56.4

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.56.4
Linuxfoundation » Tekton Pipelines » Version: 0.56.5

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.56.5
Linuxfoundation » Tekton Pipelines » Version: 0.56.6

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.56.6
Linuxfoundation » Tekton Pipelines » Version: 0.56.7

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.56.7
Linuxfoundation » Tekton Pipelines » Version: 0.56.8

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.56.8
Linuxfoundation » Tekton Pipelines » Version: 0.56.9

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.56.9
Linuxfoundation » Tekton Pipelines » Version: 0.57.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.57.0
Linuxfoundation » Tekton Pipelines » Version: 0.58.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.58.0
Linuxfoundation » Tekton Pipelines » Version: 0.59.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.59.0
Linuxfoundation » Tekton Pipelines » Version: 0.59.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.59.1
Linuxfoundation » Tekton Pipelines » Version: 0.59.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.59.2
Linuxfoundation » Tekton Pipelines » Version: 0.59.3

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.59.3
Linuxfoundation » Tekton Pipelines » Version: 0.59.4

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.59.4
Linuxfoundation » Tekton Pipelines » Version: 0.59.5

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.59.5
Linuxfoundation » Tekton Pipelines » Version: 0.59.6

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.59.6
Linuxfoundation » Tekton Pipelines » Version: 0.60.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.60.0
Linuxfoundation » Tekton Pipelines » Version: 0.60.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.60.1
Linuxfoundation » Tekton Pipelines » Version: 0.60.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.60.2
Linuxfoundation » Tekton Pipelines » Version: 0.61.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.61.0
Linuxfoundation » Tekton Pipelines » Version: 0.61.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.61.1
Linuxfoundation » Tekton Pipelines » Version: 0.62.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.62.0
Linuxfoundation » Tekton Pipelines » Version: 0.62.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.62.1
Linuxfoundation » Tekton Pipelines » Version: 0.62.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.62.2
Linuxfoundation » Tekton Pipelines » Version: 0.62.3

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.62.3
Linuxfoundation » Tekton Pipelines » Version: 0.62.4

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.62.4
Linuxfoundation » Tekton Pipelines » Version: 0.62.5

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.62.5
Linuxfoundation » Tekton Pipelines » Version: 0.62.6

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.62.6
Linuxfoundation » Tekton Pipelines » Version: 0.62.7

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.62.7
Linuxfoundation » Tekton Pipelines » Version: 0.62.8

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.62.8
Linuxfoundation » Tekton Pipelines » Version: 0.62.9

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.62.9
Linuxfoundation » Tekton Pipelines » Version: 0.63.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.63.0
Linuxfoundation » Tekton Pipelines » Version: 0.64.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.64.0
Linuxfoundation » Tekton Pipelines » Version: 0.65.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.65.0
Linuxfoundation » Tekton Pipelines » Version: 0.65.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.65.1
Linuxfoundation » Tekton Pipelines » Version: 0.65.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.65.2
Linuxfoundation » Tekton Pipelines » Version: 0.65.3

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.65.3
Linuxfoundation » Tekton Pipelines » Version: 0.65.4

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.65.4
Linuxfoundation » Tekton Pipelines » Version: 0.65.5

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.65.5
Linuxfoundation » Tekton Pipelines » Version: 0.65.6

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.65.6
Linuxfoundation » Tekton Pipelines » Version: 0.65.7

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.65.7
Linuxfoundation » Tekton Pipelines » Version: 0.66.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.66.0
Linuxfoundation » Tekton Pipelines » Version: 0.68.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.68.0
Linuxfoundation » Tekton Pipelines » Version: 0.68.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.68.1
Linuxfoundation » Tekton Pipelines » Version: 0.69.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.69.0
Linuxfoundation » Tekton Pipelines » Version: 0.69.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.69.1
Linuxfoundation » Tekton Pipelines » Version: 0.70.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:0.70.0
Linuxfoundation » Tekton Pipelines » Version: 1.0.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.0.0
Linuxfoundation » Tekton Pipelines » Version: 1.0.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.0.1
Linuxfoundation » Tekton Pipelines » Version: 1.1.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.1.0
Linuxfoundation » Tekton Pipelines » Version: 1.10.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.10.0
Linuxfoundation » Tekton Pipelines » Version: 1.10.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.10.1
Linuxfoundation » Tekton Pipelines » Version: 1.10.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.10.2
Linuxfoundation » Tekton Pipelines » Version: 1.2.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.2.0
Linuxfoundation » Tekton Pipelines » Version: 1.3.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.3.0
Linuxfoundation » Tekton Pipelines » Version: 1.3.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.3.1
Linuxfoundation » Tekton Pipelines » Version: 1.3.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.3.2
Linuxfoundation » Tekton Pipelines » Version: 1.3.3

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.3.3
Linuxfoundation » Tekton Pipelines » Version: 1.4.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.4.0
Linuxfoundation » Tekton Pipelines » Version: 1.5.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.5.0
Linuxfoundation » Tekton Pipelines » Version: 1.6.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.6.0
Linuxfoundation » Tekton Pipelines » Version: 1.6.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.6.1
Linuxfoundation » Tekton Pipelines » Version: 1.7.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.7.0
Linuxfoundation » Tekton Pipelines » Version: 1.9.0

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.9.0
Linuxfoundation » Tekton Pipelines » Version: 1.9.1

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.9.1
Linuxfoundation » Tekton Pipelines » Version: 1.9.2

cpe:2.3:a:linuxfoundation:tekton_pipelines:1.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25542

Products

Pricing

Contact Us