3 matches found
CVE-2026-24905
CVE-2026-24905 affects Inspektor Gadget. The vulnerability arises from unsafe embedding of user-controlled data in the Makefile.build template used during ig image build, allowing command injection via buildOptions extracted from the gadget manifest. Before version 0.48.1, an attacker who can inf...
CVE-2026-25996
CVE-2026-25996 affects Inspektor Gadget. The vulnerability arises because string fields from eBPF events in the columns output mode are rendered to the terminal without sanitizing control characters or ANSI escape sequences, enabling injection via crafted event payloads. Affected surface includes...
CVE-2026-31890
Inspektor Gadget (eBPF-based data collection framework for Kubernetes/Linux) contains a DoS vulnerability prior to 0.50.1. When the gadget’s ring-buffer (hard-coded to 256KB) is full, the transfer mechanism via ring-buffers can fail to enqueue events and silently drop them; similarly, a gadget_re...