{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/package-inspection/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["zarf","path-traversal","arbitrary-file-write","package-inspection","linux"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eZarf, a tool for air-gapped deployments, is susceptible to a path traversal vulnerability (CVE-2026-40090) affecting versions prior to v0.74.2. The vulnerability stems from inadequate sanitization of the \u003ccode\u003eMetadata.Name\u003c/code\u003e field within Zarf package manifests. When a user runs \u003ccode\u003ezarf package inspect sbom\u003c/code\u003e or \u003ccode\u003ezarf package inspect documentation\u003c/code\u003e against an untrusted package, the tool builds its output file paths by joining a user-controlled output directory with the package\u0026rsquo;s \u003ccode\u003eMetadata.Name\u003c/code\u003e field. A malicious actor can craft a Zarf package whose \u003ccode\u003eMetadata.Name\u003c/code\u003e contains path traversal sequences (e.g., \u003ccode\u003e../../\u003c/code\u003e), so that the SBOM or documentation files are written outside the chosen output directory, anywhere the user running the \u003ccode\u003einspect\u003c/code\u003e command has write permission. Because the data written comes from the package itself, the attacker controls the file contents as well as the destination, which can lead to privilege escalation or system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious Zarf package.\u003c/li\u003e\n\u003cli\u003eThe attacker edits the \u003ccode\u003ezarf.yaml\u003c/code\u003e manifest within the package so that its \u003ccode\u003eMetadata.Name\u003c/code\u003e field contains path traversal sequences (e.g., \u003ccode\u003e../../../../tmp/evil\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker repacks the Zarf package, recalculating checksums if necessary.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious Zarf package.\u003c/li\u003e\n\u003cli\u003eA victim downloads the malicious Zarf package.\u003c/li\u003e\n\u003cli\u003eThe victim runs \u003ccode\u003ezarf package inspect sbom --output-dir /tmp \u0026lt;malicious-package.tar.zst\u0026gt;\u003c/code\u003e or \u003ccode\u003ezarf package inspect documentation --output-dir /tmp \u0026lt;malicious-package.tar.zst\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eZarf reads \u003ccode\u003eMetadata.Name\u003c/code\u003e from the package\u0026rsquo;s \u003ccode\u003ezarf.yaml\u003c/code\u003e without validating it.\u003c/li\u003e\n\u003cli\u003eZarf joins the user-specified output directory (\u003ccode\u003e/tmp\u003c/code\u003e) with the malicious \u003ccode\u003eMetadata.Name\u003c/code\u003e (\u003ccode\u003e../../../../tmp/evil\u003c/code\u003e), producing \u003ccode\u003e/tmp/../../../../tmp/evil\u003c/code\u003e, which normalizes to \u003ccode\u003e/tmp/evil\u003c/code\u003e; the SBOM or documentation data is written there. Since the same traversal reaches any path the victim can write, a differently chosen name lets the attacker drop files such as SSH authorized keys, cron jobs, or shell profiles.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to write arbitrary files to the file system, limited only by the permissions of the user running the \u003ccode\u003ezarf package inspect\u003c/code\u003e command. This can have several critical consequences: remote access or privilege escalation (when the command runs as a privileged user) by writing to \u003ccode\u003eauthorized_keys\u003c/code\u003e files, arbitrary code execution by writing cron jobs, and persistent compromise by writing to shell profiles. This vulnerability affects users who run \u003ccode\u003ezarf package inspect sbom\u003c/code\u003e or \u003ccode\u003ezarf package inspect documentation\u003c/code\u003e against untrusted packages. The affected package is go/github.com/zarf-dev/zarf, versions \u0026gt;= 0.23.0 and \u0026lt; 0.74.2.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Zarf to version v0.74.2 or later, which patches CVE-2026-40090.\u003c/li\u003e\n\u003cli\u003eUntil the upgrade is complete, avoid inspecting unsigned Zarf packages, the workaround mentioned in the advisory. A signature only establishes who built the package, so do not inspect packages from untrusted publishers even when they are signed.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Zarf Package Inspection with Path Traversal\u0026rdquo; to flag suspicious \u003ccode\u003ezarf package inspect\u003c/code\u003e invocations via their command-line arguments. Note that the traversal sequence lives in the package manifest, not on the command line, so this rule surfaces inspect activity for triage rather than confirming exploitation.\u003c/li\u003e\n\u003cli\u003eMonitor file creation events in sensitive directories (e.g., \u003ccode\u003e/home/$USER/.ssh\u003c/code\u003e, \u003ccode\u003e/etc/cron.d\u003c/code\u003e) for files created by the zarf binary, using the \u0026ldquo;Detect Zarf Arbitrary File Write\u0026rdquo; Sigma rule; a write by \u003ccode\u003ezarf\u003c/code\u003e outside the requested output directory is the direct evidence of exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T12:00:00Z","date_published":"2026-04-15T12:00:00Z","id":"/briefs/2026-04-15-zarf-path-traversal/","summary":"Zarf is vulnerable to path traversal due to insufficient sanitization of the Metadata.Name field in package manifests when using the `zarf package inspect sbom` or `zarf package inspect documentation` commands, potentially leading to arbitrary file write.","title":"Zarf Path Traversal Vulnerability via Malicious Package Metadata.Name","url":"https://feed.craftedsignal.io/briefs/2026-04-15-zarf-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Package-Inspection","version":"https://jsonfeed.org/version/1.1"}
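The output-path construction described in the Attack Chain above, shown as an added Go example that is not Zarf's code: `vulnerableOutputPath` and `safeOutputPath` are hypothetical names that reconstruct the pattern the advisory describes (output directory joined with `Metadata.Name`) and one way to harden it. The sample names, including the advisory's `../../../../tmp/evil`, are constructed inputs.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// vulnerableOutputPath (hypothetical name) reconstructs the pattern the advisory
// describes: the output path is the user's output directory joined with the
// package's Metadata.Name. filepath.Join cleans the result, so ".." components
// in the name walk out of outputDir instead of being rejected.
func vulnerableOutputPath(outputDir, metadataName string) string {
	return filepath.Join(outputDir, metadataName)
}

var errUnsafeName = errors.New("metadata name is not a single safe path element")

// safeOutputPath (hypothetical name) applies two independent checks. First, the
// name must be a single path element: no separators, not "." or "..". Second,
// the joined path is re-checked to lie inside outputDir. Either check alone
// blocks the advisory's "../../../../tmp/evil"; keeping both is defence in depth.
func safeOutputPath(outputDir, metadataName string) (string, error) {
	if metadataName == "" || metadataName == "." || metadataName == ".." ||
		metadataName != filepath.Base(metadataName) ||
		strings.ContainsAny(metadataName, `/\`) {
		return "", errUnsafeName
	}
	base, err := filepath.Abs(outputDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(base, metadataName)
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errUnsafeName
	}
	return target, nil
}

func main() {
	// Constructed sample names: a benign package name, the traversal name from
	// the advisory's attack chain, and an absolute name.
	for _, name := range []string{"my-package", "../../../../tmp/evil", "/etc/cron.d/evil"} {
		fmt.Printf("vulnerable: %-24q -> %s\n", name, vulnerableOutputPath("/tmp", name))
		if p, err := safeOutputPath("/tmp", name); err != nil {
			fmt.Printf("hardened:   %-24q rejected (%v)\n", name, err)
		} else {
			fmt.Printf("hardened:   %-24q -> %s\n", name, p)
		}
	}
}
```

With the output directory `/tmp`, the vulnerable join turns the advisory's name into `/tmp/evil`, exactly as the attack chain states; the hardened helper rejects it before any file is opened. The single-element check is the important one for untrusted manifests: a package name has no business containing a path separator at all.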
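The file-creation monitoring recommended above, as an added Go example that is not the feed's Sigma rule nor any vendor's sensor code: it evaluates a "zarf binary wrote into a sensitive location" condition over constructed `key=value` event lines. The line format, the `zarfSensitiveWrite` and `scan` names, and the cron and spool directories beyond `/etc/cron.d` are assumptions made for the example.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// fileEvent is the minimum a file-creation sensor must give us: the image of
// the process that created the file and the created file's absolute path.
type fileEvent struct {
	Image  string
	Target string
}

// parseEvent reads the constructed "key=value key=value" line format used by
// the samples below; it stands in for whatever your EDR or auditd pipeline emits.
func parseEvent(line string) (fileEvent, bool) {
	var ev fileEvent
	for _, field := range strings.Fields(line) {
		key, val, ok := strings.Cut(field, "=")
		if !ok {
			continue
		}
		switch key {
		case "image":
			ev.Image = val
		case "target":
			ev.Target = val
		}
	}
	return ev, ev.Image != "" && ev.Target != ""
}

// Locations the advisory names as high-value write targets; the cron and
// spool entries beyond /etc/cron.d are an assumed extension of that list.
var sensitiveDirs = []string{
	"/etc/cron.d", "/etc/cron.hourly", "/etc/cron.daily",
	"/etc/cron.weekly", "/etc/cron.monthly", "/var/spool/cron",
}

// Shell profile file names, matched in any user's home directory.
var profileNames = map[string]bool{
	".bashrc": true, ".bash_profile": true, ".profile": true, ".zshrc": true,
}

func isSensitivePath(p string) bool {
	p = path.Clean(p)
	for _, dir := range sensitiveDirs {
		if strings.HasPrefix(p, dir+"/") {
			return true
		}
	}
	if strings.Contains(p, "/.ssh/") {
		return true
	}
	return profileNames[path.Base(p)]
}

// zarfSensitiveWrite is the detection itself: a file created by a process whose
// image is the zarf binary, landing in one of the sensitive locations.
func zarfSensitiveWrite(ev fileEvent) bool {
	return path.Base(ev.Image) == "zarf" && isSensitivePath(ev.Target)
}

// scan returns the raw lines that match the rule.
func scan(lines []string) []string {
	var hits []string
	for _, line := range lines {
		if ev, ok := parseEvent(line); ok && zarfSensitiveWrite(ev) {
			hits = append(hits, line)
		}
	}
	return hits
}

// Constructed sample events: one benign SBOM extraction into the requested
// output directory, one unrelated editor write, and three zarf writes that
// should alert.
var sampleLines = []string{
	"ts=2026-04-15T12:00:01Z image=/usr/local/bin/zarf action=create target=/tmp/my-package/sbom.json",
	"ts=2026-04-15T12:00:02Z image=/usr/local/bin/zarf action=create target=/home/victim/.ssh/authorized_keys",
	"ts=2026-04-15T12:00:03Z image=/usr/bin/vim action=create target=/home/victim/.bashrc",
	"ts=2026-04-15T12:00:04Z image=/usr/local/bin/zarf action=create target=/etc/cron.d/evil",
	"ts=2026-04-15T12:00:05Z image=/usr/local/bin/zarf action=create target=/home/victim/.profile",
}

func main() {
	for _, hit := range scan(sampleLines) {
		fmt.Println("ALERT zarf wrote to sensitive location:", hit)
	}
}
```

The rule keys on the creating process image rather than on command-line arguments because, as noted in the recommendations, the traversal sequence never appears on the command line. A tighter variant, if the sensor records the process's arguments, is to alert on any `zarf` write whose target is not under the directory passed to `--output-dir`.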