A second high-severity vulnerability in apko further increases the risk of container image compromise during the automated build and publish phases.

Similar to CVE-2026-25121, this vulnerability in apko affects the OCI image build process. The CVSS score of 7.5 indicates a high-impact flaw, potentially allowing for the injection of unauthorized content or the modification of image metadata by an attacker with pipeline access.

The impact of this vulnerability is significant, as it could result in the deployment of compromised containers across the enterprise. This could lead to data exfiltration, service disruption, and the introduction of persistent backdoors within the production environment, significantly damaging the organization's security posture.

Immediate Action: Apply the latest security updates to apko and audit the integrity of all OCI images published during the period the vulnerability was present.

Proactive Monitoring: Monitor build pipeline logs for unauthorized package additions or changes to the image manifest during the build process.

Compensating Controls: Enforce strict role-based access control (RBAC) for the CI/CD environment and utilize automated security scanning for all generated container images.

Public Exploit Available: false

It is critical to apply the latest patches to apko to protect the software supply chain. Organizations must prioritize the security of their container build processes to prevent the introduction of vulnerabilities into their production cloud environments.