PT-2026-7900 · Unknown · Inspektor-Gadget

Ndaprela +1 · Published 2026-02-12 · Updated 2026-04-28 · CVE-2026-25996

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Inspektor Gadget (affected versions not specified)

Description: Inspektor Gadget has an issue where string fields from eBPF events in columns output mode are not sanitized, potentially allowing maliciously crafted event payloads from observed containers to inject ANSI escape sequences into the terminal of operators. This can lead to various effects due to the lack of sanitization of control characters. The columns output mode is the default when running Inspektor Gadget interactively.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
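
One way to neutralize control characters in untrusted event strings before a column renderer prints them, shown as an added Go example; it is not Inspektor Gadget's code or its fix. The function name `sanitizeField` and the sample field values are assumptions constructed for this illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf8"
)

// sanitizeField (hypothetical helper) rewrites every byte a terminal could
// interpret as a control code into a visible, inert escape such as \x1b.
// Printable text, including non-ASCII UTF-8, passes through unchanged.
func sanitizeField(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); {
		r, size := utf8.DecodeRuneInString(s[i:])
		switch {
		case r == utf8.RuneError && size == 1:
			// Invalid UTF-8: show the raw byte instead of passing it on.
			fmt.Fprintf(&b, "\\x%02x", s[i])
		case r < 0x20 || r == 0x7f:
			// C0 controls (ESC, BEL, CR, LF, TAB, ...) and DEL.
			fmt.Fprintf(&b, "\\x%02x", r)
		case r >= 0x80 && r <= 0x9f:
			// C1 controls, e.g. U+009B, the single-character CSI.
			fmt.Fprintf(&b, "\\u%04x", r)
		default:
			b.WriteRune(r)
		}
		i += size
	}
	return b.String()
}

func main() {
	// Constructed sample values standing in for string fields of an event
	// reported from an observed container.
	fields := []string{
		"sh\x1b[31m",  // ESC-introduced colour sequence
		"\u009b0mcat", // C1 CSI form of the same kind of sequence
		"ls\r\nfake",  // CR/LF that would break the one-row-per-event layout
		"caf\u00e9",   // ordinary non-ASCII text, left as is
	}
	for _, f := range fields {
		fmt.Printf("%-24s|\n", sanitizeField(f))
	}
}
```

Applying the filter at the point where strings are written to the terminal, rather than where events are collected, keeps the original bytes available to machine-readable output and logs.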

Related Identifiers

CVE-2026-25996
GHSA-34R5-6J7W-235F

Affected Products

Inspektor-Gadget