29 matches found

OSV
added 4 days ago, 2 views

GHSA-7CFQ-5MHV-JRP9 Inspektor Gadget: Unprivileged container can crash USDT note parser via crafted ELF (no shipped gadget affected)

Summary: A malicious container can crash or destabilize the privileged Inspektor Gadget process when a gadget using USDT probes is deployed. The vulnerability is in the USDT note parser `pkg/uprobetracer/usdt.go`, which is invoked when a gadget with a `SEC("usdt/...")` section attaches to a target binary...

6.3 CVSS | 6.3 AI score
Exploits: 0 | References: 5
OSV
added 2026/04/22 6:50 p.m., 4 views

GHSA-34R5-6J7W-235F Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Description: String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the...

6.9 CVSS | 5.9 AI score | 0.0056 EPSS
Exploits: 1 | References: 5
EUVD
added 2026/04/22 6:50 p.m., 5 views

EUVD-2026-6695

Inspektor Gadget uses unsanitized ANSI Escape Sequences In columns Output Mode...

9.8 CVSS | 5.8 AI score | 0.0056 EPSS
Exploits: 1 | References: 4
Github Security Blog
added 2026/04/22 5:44 p.m., 8 views

Inspektor Gadget: Command Injection via malicious buildOptions manipulation

Impacted Resources: inspektor-gadget/cmd/common/image/build.go, inspektor-gadget/cmd/common/image/helpers/Makefile.build. Description: The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.8 CVSS | 6 AI score | 0.01281 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2026/04/22 5:44 p.m., 3 views

GHSA-79QW-G77V-2VFH Inspektor Gadget: Command Injection via malicious buildOptions manipulation

Impacted Resources: inspektor-gadget/cmd/common/image/build.go, inspektor-gadget/cmd/common/image/helpers/Makefile.build. Description: The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.5 CVSS | 6.2 AI score | 0.01281 EPSS
Exploits: 1 | References: 5
SUSE CVE
added 2026/03/14 12:24 a.m., 3 views

SUSE CVE-2026-31890

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is - incidentally or maliciously - already full, the gadget will silently drop events. Th...

5.5 CVSS | 5.8 AI score | 0.00143 EPSS
Exploits: 1 | References: 3
NVD
added 2026/03/12 6:16 p.m., 3 views

CVE-2026-31890

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. Th...

5.5 CVSS | 0.00143 EPSS
Exploits: 1 | References: 1
CVE
added 2026/03/12 5:35 p.m., 11 views

CVE-2026-31890

Inspektor Gadget (eBPF-based data collection framework for Kubernetes/Linux) contains a DoS vulnerability prior to 0.50.1. When the gadget’s ring-buffer (hard-coded to 256KB) is full, the transfer mechanism via ring-buffers can fail to enqueue events and silently drop them; similarly, a gadget_re...

5.5 CVSS | 5.8 AI score | 0.00143 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/03/12 5:35 p.m., 1 views

CVE-2026-31890 Inspektor Gadget: Tracing Denial of Service via Event Flooding

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. Th...

4.8 CVSS | 5.8 AI score | 0.00143 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/03/12 5:35 p.m., 24 views

CVE-2026-31890 Inspektor Gadget: Tracing Denial of Service via Event Flooding

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. Th...

4.8 CVSS | 0.00143 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/03/12 12:0 a.m., 4 views

Inspektor Gadget Security Vulnerability

Inspektor Gadget is a set of tools and frameworks based on eBPF developed by Inspektor Gadget Inc. Versions of Inspektor Gadget prior to 0.50.1 contained security vulnerabilities. These vulnerabilities stemmed from the silent discarding of events when the ring buffer was full, with the discard...

5.5 CVSS | 5.9 AI score | 0.00143 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/12 12:0 a.m., 3 views

PT-2026-25030

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. Th...

4.8 CVSS | 5.8 AI score | 0.00143 EPSS
Exploits: 1 | References: 2
NVD
added 2026/02/12 9:16 p.m., 6 views

CVE-2026-25996

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

9.8 CVSS | 0.0056 EPSS
Exploits: 1 | References: 3
Cvelist
added 2026/02/12 8:6 p.m., 28 views

CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

6.9 CVSS | 0.0056 EPSS
Exploits: 1 | References: 3
ATTACKERKB
added 2026/02/12 8:6 p.m., 5 views

CVE-2026-25996

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

6.9 CVSS | 5.6 AI score | 0.0056 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2026/02/12 8:6 p.m., 14 views

CVE-2026-25996

CVE-2026-25996 affects Inspektor Gadget. The vulnerability arises because string fields from eBPF events in the columns output mode are rendered to the terminal without sanitizing control characters or ANSI escape sequences, enabling injection via crafted event payloads. Affected surface includes...

9.8 CVSS | 5.6 AI score | 0.0056 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/02/12 8:6 p.m., 6 views

CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

6.9 CVSS | 5.6 AI score | 0.0056 EPSS
Exploits: 1 | References: 5
SUSE CVE
added 2026/01/31 12:24 a.m., 5 views

SUSE CVE-2026-24905

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.8 CVSS | 6.1 AI score | 0.01281 EPSS
Exploits: 1 | References: 3
NVD
added 2026/01/29 10:15 p.m., 8 views

CVE-2026-24905

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.8 CVSS | 0.01281 EPSS
Exploits: 1 | References: 3
Cvelist
added 2026/01/29 9:29 p.m., 24 views

CVE-2026-24905 Inspektor Gadget has a Command Injection vulnerability in Makefile.build

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.5 CVSS | 0.01281 EPSS
Exploits: 1 | References: 3