Tekton Pipelines
Tekton provides Kubernetes CRDs for CI/CD steps, tasks, and pipelines. NVD lists the core controller as linuxfoundation:tekton_pipelines. CVE volume is lower than Jenkins or GitLab; Attestd includes Tekton after scripts/test_nvd.py confirmed sufficient non-sentinel ranges.
api usage
Querying Tekton
product slug: tekton
version format: 0.60.0, 1.9.2

```bash
curl "https://api.attestd.io/v1/check?product=tekton&version=0.60.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

Example response for a release inside the NVD ranges for pipeline controller issues. Re-verify risk_state against your cluster image tag (the Tekton Pipelines version, not the Tekton Operator version).
```json
{
  "product": "tekton",
  "version": "0.60.0",
  "supported": true,
  "risk_state": "high",
  "risk_factors": ["privilege_escalation", "patch_available"],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": true,
  "patch_available": true,
  "confidence": 0.82,
  "cve_ids": ["CVE-2026-33022"],
  "last_updated": "2026-05-11T00:00:00Z"
}
```

newer line
1.10.0 is a representative newer pipeline release for a post-patch spot check.
```bash
curl "https://api.attestd.io/v1/check?product=tekton&version=1.10.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

notable cves
CVE history
| CVE | Description | CVSS |
|---|---|---|
| CVE-2023-37264 | Pipeline policy enforcement gap in controller. | 3.7 |
| CVE-2026-33022 | Controller: privilege boundary fixes across release lines. | 6.5 |
| CVE-2026-33211 | Additional pipeline controller hardening (NVD ranges). | N/A |
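
A deployment gate built on the /v1/check response shown above, as an added example that is not Attestd's own code: it derives the Pipelines version from the controller image tag and fails closed when the answer is missing or describes a different version. The blocking policy, the image reference and the reading of `supported` are assumptions.

```python
import json
import re
import urllib.parse
import urllib.request

API = "https://api.attestd.io/v1/check"  # endpoint shown on this page
BLOCKING_STATES = {"high"}  # assumption: the only risk_state value shown here; extend per policy

def version_from_image(image):
    """Pipelines version from a controller image ref: drop digest, strip leading 'v'."""
    tag = image.split("@", 1)[0].rsplit(":", 1)[-1]
    m = re.fullmatch(r"v?(\d+\.\d+\.\d+)", tag)
    if not m:
        raise ValueError(f"no x.y.z version in image tag: {image!r}")
    return m.group(1)

def check(version, key):
    """Live query, same request as the curl example (not exercised offline)."""
    query = urllib.parse.urlencode({"product": "tekton", "version": version})
    req = urllib.request.Request(f"{API}?{query}", headers={"Authorization": f"Bearer {key}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def gate(result, queried_version):
    """Return (allow, reason). Fails closed when the answer is missing or mismatched."""
    cves = ", ".join(result.get("cve_ids", [])) or "no CVE ids listed"
    state = result.get("risk_state")
    if result.get("product") != "tekton" or result.get("version") != queried_version:
        return False, "response does not describe the queried product/version"
    if result.get("supported") is not True:
        return False, "no verdict for this version (assumed meaning of supported=false)"
    if not isinstance(state, str):
        return False, "response carries no risk_state"
    if result.get("actively_exploited"):
        return False, f"actively exploited: {cves}"
    if state in BLOCKING_STATES:
        fix = "patch available" if result.get("patch_available") else "no patch listed"
        return False, f"risk_state={state}, {fix}: {cves}"
    return True, f"risk_state={state}"

# Response body copied from the example on this page (subset of fields).
SAMPLE = json.loads("""{"product": "tekton", "version": "0.60.0", "supported": true,
  "risk_state": "high", "actively_exploited": false, "patch_available": true,
  "cve_ids": ["CVE-2026-33022"]}""")

if __name__ == "__main__":
    # Constructed image reference; the registry path is a placeholder.
    version = version_from_image("registry.example/tekton/controller:v0.60.0@sha256:0000")
    print(gate(SAMPLE, version))
```

For a live check, pass the result of `check(version, os.environ["ATTESTD_KEY"])` to `gate` in place of `SAMPLE`.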