CVE-2026-25542
PUBLISHED
CVSS 6.5 MEDIUM
Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching
EPSS 0.04% · 12.0th percentile
Risk Scores
- CVSS v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
- EPSS Score: 0.04% (12.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| tektoncd | pipeline | >= 0.43.0, <= 1.11.0 |
| github.com | tektoncd/pipeline | 0.43.0 |
Timeline
- Apr 21, 2026 CVE Published
- Apr 21, 2026 CVE Updated
- Apr 22, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
References
- https://github.com/tektoncd/pipeline/security/advisories/GHSA-rmx9-2pp3-xhcr
- https://github.com/tektoncd/pipeline/commit/b8905600322aa86327baae0a7c04d6cf1207362a
- https://github.com/tektoncd/pipeline/commit/2c398711e6e9e232180508f0648425a8ea34dc9e
- https://github.com/tektoncd/pipeline (package)
- https://github.com/tektoncd/pipeline/releases/tag/v1.11.0