CVE-2026-29064 Kubernetes — Exploit & Vulnerability Details HIGH

CVE-2026-29064

HIGH CVSS 3.1: 8.2 EPSS 0.03%

Parameter	Value
CVSS	8.2 (HIGH)
Affected Versions	before 0.73.1
Fixed In	0.73.1
Type	CWE-22 (Path Traversal)
Vendor	Kubernetes
Public PoC	No

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package. This issue has been patched in version 0.73.1.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-22 Path Traversal

References 2

https://github.com/zarf-dev/zarf/releases/tag/v0.73.1

security-advisories@github.com

https://github.com/zarf-dev/zarf/security/advisories/GHSA-hcm4-6hpj-vghm

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-40090

Kubernetes

7.1

CVE-2026-39884

Kubernetes

8.3

CVE-2026-34984

Kubernetes

7.1

CVE-2026-5483

Kubernetes

8.5

CVE-2026-35206

Helm

4.8

Menu

CVE-2026-29064

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-40090

CVE-2026-39884

CVE-2026-34984

CVE-2026-5483

CVE-2026-35206

CVE Details

Editor's Choice

Menu

CVE-2026-29064

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-40090

CVE-2026-39884

CVE-2026-34984

CVE-2026-5483

CVE-2026-35206

CVE Details

Editor's Choice

Stay informed on cybersecurity