PT-2026-34001 · Unknown · Tekton Pipelines

1Seal +1 · Published 2026-04-21 · Updated 2026-05-22 · CVE-2026-25542

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Tekton Pipelines versions 0.43.0 through 1.11.0

Description

Trusted resources verification policies match a resource source string refSource.URI against spec.resources[].pattern using the regexp.MatchString function. Because this function reports a match if the pattern is found anywhere in the string, unanchored patterns can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This may lead to an unintended policy match and alter the applicable verification modes or keys.

Recommendations

Update Tekton Pipelines to a version later than 1.11.0.
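
The matching behaviour from the description, as an added Go example for auditing policy patterns (not code from the advisory or from Tekton). The pattern, the source strings and the helper names matchAnywhere, matchWhole and isFullyAnchored are constructed for illustration; wrapping the pattern in ^(?:...)$ is one way to get whole-string matching and is not claimed to be the upstream fix.

```go
package main

import (
	"fmt"
	"regexp"
	"regexp/syntax"
)

// matchAnywhere mirrors the behaviour described in the advisory:
// regexp.MatchString is true if the pattern occurs anywhere in source.
func matchAnywhere(pattern, source string) (bool, error) {
	return regexp.MatchString(pattern, source)
}

// matchWhole requires the pattern to cover the entire source string.
// Illustrative mitigation (an assumption), not necessarily the upstream change.
func matchWhole(pattern, source string) (bool, error) {
	return regexp.MatchString("^(?:"+pattern+")$", source)
}

// isFullyAnchored reports whether a policy pattern begins with ^ and ends
// with $ at the top level, so substring matching cannot widen it.
func isFullyAnchored(pattern string) (bool, error) {
	re, err := syntax.Parse(pattern, syntax.Perl)
	if err != nil {
		return false, err
	}
	if re.Op != syntax.OpConcat || len(re.Sub) < 2 {
		return false, nil // e.g. a bare literal or a top-level alternation
	}
	first, last := re.Sub[0], re.Sub[len(re.Sub)-1]
	return first.Op == syntax.OpBeginText && last.Op == syntax.OpEndText, nil
}

func main() {
	// Constructed sample values, not taken from the advisory.
	pattern := `https://github.com/tektoncd/catalog.git`
	sources := []string{
		"https://github.com/tektoncd/catalog.git",
		"https://example.invalid/mirror/https://github.com/tektoncd/catalog.git",
	}
	anchored, _ := isFullyAnchored(pattern)
	fmt.Println("pattern anchored:", anchored)
	for _, s := range sources {
		anywhere, _ := matchAnywhere(pattern, s)
		whole, _ := matchWhole(pattern, s)
		fmt.Printf("anywhere=%-5v whole=%-5v %s\n", anywhere, whole, s)
	}
}
```

Running isFullyAnchored over every spec.resources[].pattern in existing policies shows which ones depend on substring semantics on affected versions.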

Related Identifiers

CVE-2026-25542
GHSA-RMX9-2PP3-XHCR

Affected Products

Tekton Pipelines