Tekton Pipelines
Tekton provides Kubernetes CRDs for CI/CD steps, tasks, and pipelines. NVD lists the core controller as linuxfoundation:tekton_pipelines. CVE volume is lower than Jenkins or GitLab; Attestd tracks Tekton after confirming sufficient non-sentinel NVD version ranges.
api usage
Querying Tekton
product slug: tekton
version format: 0.60.0, 1.9.2

```bash
curl "https://api.attestd.io/v1/check?product=tekton&version=0.60.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

Example for a release in NVD ranges for pipeline controller issues. Re-verify risk_state on your cluster image tag (Tekton Pipelines version, not Tekton Operator version).

```json
{
  "product": "tekton",
  "version": "0.60.0",
  "supported": true,
  "risk_state": "high",
  "risk_factors": ["privilege_escalation", "patch_available"],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": true,
  "patch_available": true,
  "fixed_version": "1.10.0",
  "confidence": 0.82,
  "cve_ids": ["CVE-2026-33022"],
  "last_updated": "2026-05-11T00:00:00Z",
  "supply_chain": null
}
```

newer line
1.10.0 is a representative newer pipeline release for a post-patch spot check.
```bash
curl "https://api.attestd.io/v1/check?product=tekton&version=1.10.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

notable cves
CVE history
| CVE | Description | CVSS |
|---|---|---|
| CVE-2023-37264 | Pipeline policy enforcement gap in controller. | 3.7 |
| CVE-2026-33022 | Controller: privilege boundary fixes across release lines. | 6.5 |
| CVE-2026-33211 | Additional pipeline controller hardening (NVD ranges). | N/A |
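
A deploy gate built on the `/v1/check` response fields shown above, as an added example that is not Attestd's or Tekton's own code. It derives the Tekton Pipelines version from the controller image tag (not the Operator version) and fails closed on missing fields. The function names, the `BLOCKING_STATES` policy and the sample image reference are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the 0.60.0 response shown above, cut to the fields read here.
SAMPLE_RESPONSE = json.loads("""{
  "product": "tekton", "version": "0.60.0", "supported": true,
  "risk_state": "high", "actively_exploited": false,
  "patch_available": true, "fixed_version": "1.10.0",
  "cve_ids": ["CVE-2026-33022"]
}""")
# Constructed image reference (example registry, placeholder digest).
SAMPLE_IMAGE = "registry.example/tekton/pipelines-controller:v0.60.0@sha256:0000"
BLOCKING_STATES = {"high"}  # assumption: local policy, not defined by the API


def version_from_image(image_ref):
    """Extract the x.y.z Tekton Pipelines version from a controller image tag."""
    ref = image_ref.split("@", 1)[0]              # drop any @sha256:... digest
    name = ref.rsplit("/", 1)[-1]                 # ignore a registry host:port
    tag = name.split(":", 1)[1] if ":" in name else ""
    m = re.fullmatch(r"v?(\d+\.\d+\.\d+)", tag)
    if not m:
        raise ValueError(f"no x.y.z tag in image reference: {image_ref!r}")
    return m.group(1)


def as_tuple(version):
    return tuple(int(part) for part in version.split("."))


def evaluate(resp, deployed):
    """Return (allow, reasons) for a /v1/check response; unknowns fail closed."""
    reasons = []
    if resp.get("product") != "tekton" or resp.get("version") != deployed:
        reasons.append("response does not describe the deployed version")
    if resp.get("supported") is not True:
        reasons.append("supported is not true")
    state = resp.get("risk_state")
    if state is None or state in BLOCKING_STATES:
        cves = ", ".join(resp.get("cve_ids") or [])
        reasons.append(f"risk_state={state} ({cves})")
    if resp.get("actively_exploited"):
        reasons.append("actively exploited")
    fixed = resp.get("fixed_version")
    if reasons and resp.get("patch_available") and fixed:
        if as_tuple(fixed) > as_tuple(deployed):
            reasons.append(f"upgrade to >= {fixed}")
    return (not reasons, reasons)
```

In a pipeline, pass the parsed body of the `curl` call above to `evaluate` together with `version_from_image` of the running controller image, and fail the job when `allow` is false.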