CVE-2026-40090 is a low severity vulnerability with a CVSS score of 0.0. No known exploits currently, and patches are available.
Very low probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages.
Tracked as #4793; fixed in version v0.74.2.
Avoid inspecting unsigned packages
The package inspect sbom and package inspect documentation subcommands construct output file paths by joining a user-controlled output directory with the package's Metadata.Name field, which is attacker-controlled data read from the package archive. The Metadata.Name field is validated against the regex ^[a-z0-9][a-z0-9\-]*$ on create; however, a malicious user could unarchive a package and change the .Metadata.Name field and the files inside SBOMS.tar. This leads to an arbitrary file write in a location of the attacker's choosing.
Neither location sanitizes or validates the package name before using it in the file path.
SBOM inspection:
outputPath := filepath.Join(o.outputDir, pkgLayout.Pkg.Metadata.Name)
err = pkgLayout.GetSBOM(ctx, outputPath)
Documentation inspection (line 1219):
outputPath := filepath.Join(o.outputDir, fmt.Sprintf("%s-documentation", pkgLayout.Pkg.Metadata.Name))
return pkgLayout.GetDocumentation(ctx, outputPath, o.keys)
pkgLayout.Pkg.Metadata.Name is read directly from the untrusted package's zarf.yaml manifest. An attacker can craft a malicious Zarf package where Metadata.Name contains path traversal sequences or root paths such as ../../etc/cron.d/malicious or /home/user/.ssh/authorized_keys.
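To make the flaw and its fix concrete, the following Go example (added here, not Zarf's own code) puts the unsafe join from the snippets above beside a hardened version that re-applies the create-time name regex quoted in the advisory and then checks that the joined path still lies inside the output directory. The function names, the /tmp/out directory and the sample package names are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// vulnerableOutputPath reproduces the flawed pattern: the untrusted
// Metadata.Name goes straight into filepath.Join, so a name containing
// "../" resolves to a location outside outputDir.
func vulnerableOutputPath(outputDir, pkgName string) string {
	return filepath.Join(outputDir, pkgName)
}

// nameRe is the create-time name rule quoted in the advisory, applied again
// here at inspect time (assumption: the same rule is the one to enforce).
var nameRe = regexp.MustCompile(`^[a-z0-9][a-z0-9\-]*$`)

// safeOutputPath re-validates the name and then confirms that the joined
// path still lies inside outputDir, so even a regex bypass cannot turn
// into a write elsewhere on the filesystem.
func safeOutputPath(outputDir, pkgName string) (string, error) {
	if !nameRe.MatchString(pkgName) {
		return "", fmt.Errorf("package name %q fails validation", pkgName)
	}
	base, err := filepath.Abs(outputDir)
	if err != nil {
		return "", err
	}
	out := filepath.Join(base, pkgName)
	rel, err := filepath.Rel(base, out)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("output path escapes the output directory")
	}
	return out, nil
}

func main() {
	// Constructed sample names: one benign, one using the traversal from the advisory.
	for _, name := range []string{"my-package", "../../etc/cron.d/malicious"} {
		fmt.Println("vulnerable:", vulnerableOutputPath("/tmp/out", name))
		p, err := safeOutputPath("/tmp/out", name)
		fmt.Println("hardened:  ", p, err)
	}
}
```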
Attack Vector verdict: Network
A malicious package could be published to OCI and inspected directly with zarf package inspect sbom oci://<bad-package>.
Attack Complexity verdict: Low. It is not complicated to make and publish a malicious package. The attacker only needs to edit the zarf.yaml and sboms.tar, then edit the checksums.
Privileges Required verdict: None
The attacker is relying on the runner of zarf package inspect sbom|documentation and needs no other privileges.
User Interaction verdict: Required. The user must run the inspect command.
Scope verdict: Unchanged. The vulnerability operates entirely within the permissions of the user running zarf package inspect. The file write cannot escape the privilege boundary of that user.
Confidentiality verdict: None. This is an arbitrary file write vulnerability. The attacker can place or overwrite files on the filesystem, but the vulnerability does not provide any mechanism to read or exfiltrate data from the target system.
Integrity verdict: High. The attacker controls both the file path (via Metadata.Name) and the file content (via the SBOM or documentation files inside the archive). This allows writing attacker-controlled content to arbitrary locations on the filesystem, limited only by the permissions of the user running the inspect command. Realistic exploitation includes writing SSH authorized_keys, cron jobs, or shell profiles.
Availability verdict: Low. The vulnerability does not directly target service availability. However, an attacker could overwrite files that cause system disruption.