GO-2026-4858 BuildKit's Malicious frontend can cause file escape outside of storage root in github.com/moby/buildkit

BuildKit's Malicious frontend can cause file escape outside of storage root in github.com/moby/buildkit...

CVE-2026-33747 BuildKit vulnerable to malicious frontend causing file escape outside of storage root

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

CVE-2026-33747 BuildKit vulnerable to malicious frontend causing file escape outside of storage root

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

EUVD-2026-16518

BuildKit's Malicious frontend can cause file escape outside of storage root...

GHSA-4C29-8RGM-JVJJ BuildKit's Malicious frontend can cause file escape outside of storage root

Impact When using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. Patches The issue has been fixed in v0.28.1+ Workarounds Issue requires using an untrusted BuildKit frontend set...

BuildKit's Malicious frontend can cause file escape outside of storage root

Impact When using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. Patches The issue has been fixed in v0.28.1+ Workarounds Issue requires using an untrusted BuildKit frontend set...

PT-2026-28525

Name of the Vulnerable Software and Affected Versions BuildKit versions prior to 0.28.1 Description BuildKit is a toolkit for converting source code to build artifacts. When using a custom BuildKit frontend, a malicious frontend can craft an API message that causes files to be written outside of...

MAL-2025-142708 Malicious code in frontend-meissa-scripts-charon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b7993005ccd89c0204660a1eabf207f62018f8177e86a80e44ab904f81bd861 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

PT-2024-20002

Name of the Vulnerable Software and Affected Versions BuildKit versions prior to 0.12.5 Description A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue is related to the conversion of source code to build artifacts. As ...