compliance-trestle Arbitrary File Write via Path Traversal
The compliance-trestle application is vulnerable to arbitrary file write via path traversal; the `-o/--output` argument in `trestle author jinja` allows writing files outside the intended workspace due to improper validation of path traversal characters, leading to potential CI/CD compromise or local code execution by overwriting sensitive files such as `.github/workflows/*.yml` or `.git/hooks/*`.
The compliance-trestle application, specifically the trestle author jinja command, is susceptible to an arbitrary file write vulnerability due to insufficient validation of the output path. By manipulating the -o/--output argument, an attacker can write files to locations outside the intended workspace directory. This is because the application fails to properly sanitize path traversal characters such as ../ and ..\, as well as absolute paths. This vulnerability was reported on May 28, 2026. Successful exploitation can lead to overwriting critical files, potentially compromising CI/CD pipelines or enabling local code execution. This poses a significant risk to systems using compliance-trestle, particularly in automated environments where file integrity is crucial. The vulnerability affects compliance-trestle versions prior to 4.0.3 and versions up to 3.12.1.
Attack Chain
- The attacker gains local access to a system with compliance-trestle installed.
- The attacker crafts a malicious template file (e.g.,
template.j2) containing arbitrary content. - The attacker executes the
trestle author jinjacommand, specifying the malicious template file using the-iparameter. - The attacker uses the
-oparameter to specify an output path containing path traversal sequences (e.g.,subdir\..\..\..\..\..\poc.txt) or an absolute path. - Due to insufficient validation, the application writes the content of the template file to the attacker-specified location outside the intended workspace.
- The attacker overwrites a sensitive file, such as
.github/workflows/*.ymlor.git/hooks/*. - If a
.github/workflows/*.ymlfile is overwritten, the next CI/CD run executes attacker-controlled code. - If a
.git/hooks/*file is overwritten, a subsequentgitcommand executes attacker-controlled code.
Impact
Successful exploitation of this vulnerability allows an attacker to write arbitrary files outside the intended workspace directory, potentially overwriting sensitive files writable by the user running the trestle command. This can lead to various impacts, including CI/CD compromise by overwriting .github/workflows/*.yml files, resulting in the execution of attacker-controlled GitHub Actions workflows. Overwriting .git/hooks/* files can lead to local code execution when git commands are run. Additionally, user configuration files such as .bashrc can be modified, and repository files and generated compliance artifacts can be tampered with. In CI/CD environments, this can result in the execution of attacker-controlled commands on build runners, leading to potential data breaches or system compromise.
Recommendation
- Apply the patch or upgrade to compliance-trestle version 4.0.3 or later to address CVE-2026-46345.
- Deploy the Sigma rules provided in this brief to detect exploitation attempts.
- Implement strict input validation on the
-o/--outputargument withintrestle author jinjato prevent path traversal (reference vulnerability description). - Monitor file system events for suspicious file writes outside the intended workspace directory using process creation logs.
Detection coverage 2
Detect CVE-2026-46345 Exploitation Attempt - Compliance Trestle Path Traversal
highDetects CVE-2026-46345 exploitation attempt by monitoring process execution with suspicious output paths in compliance-trestle.
Detect CVE-2026-46345 - Compliance Trestle Absolute Path File Write
mediumDetects CVE-2026-46345 - Detects compliance-trestle writing to an absolute file path, bypassing intended workspace.
Detection queries are available on the platform. Get full rules →