Product
high
advisory
BuildKit Git URL Subdir Traversal Vulnerability
2 rules 1 TTPA vulnerability in BuildKit (fixed in v0.28.1) allows for potential file access outside the Git repository root due to insufficient validation of Git URL fragment subdirectories, potentially leading to privilege escalation.
BuildKit
git
directory-traversal
privilege-escalation
2r
1t
high
advisory
BuildKit Malicious Frontend File Escape Vulnerability
2 rules 1 TTPA malicious BuildKit frontend can craft API messages that write files outside the BuildKit state directory, leading to file escape, fixed in v0.28.1+ and requires using an untrusted frontend with `#syntax` or `--build-arg BUILDKIT_SYNTAX`.
BuildKit
file-escape
privilege-escalation
cve-2026-33747
2r
1t