CVE-2026-47680

Impact

An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory.

The corruption surface is bounded by source-controller's own and downstream Flux controllers' digest verification: source-controller verifies stored artifact digests during reconciliation and rebuilds on divergence; consumers (kustomize-controller, helm-controller) verify the digest of fetched artifacts and reject mismatches. These checks prevent a manipulated artifact from reaching the cluster, but an attacker can still write files anywhere the source-controller pod has permission to write.

Separately, a user with permission to create or update GitRepository resources can cause source-controller to test for the existence of paths outside the cloned repository. Because the result is exposed via the resource's status, this allows limited enumeration of file paths on the controller pod. This surface exists only on source-controller v1.6.0 and later, where the sparse-checkout feature was introduced.

Patches

This vulnerability was fixed in source-controller v1.8.5.

Workarounds

There is no in-product workaround. Users should upgrade to a patched version.

As a defense-in-depth measure for the GitRepository sparse-checkout surface, a ValidatingAdmissionPolicy (or a third-party policy engine such as Kyverno or OPA Gatekeeper) can be deployed to reject GitRepository resources whose .spec.sparseCheckout entries contain .. or absolute path segments.

References

• source-controller#2054

Credits

The path traversal in the Bucket reconciler was reported by JUNYI LIU. The path traversal in the GitRepository sparse-checkout validation was found and patched by the Flux engineering team.

For more information

If you have any questions or comments about this advisory:

• Open an issue in the source-controller repository.
• Contact us at the CNCF Flux Channel.