Zarf-dev Zarf
2 CVEs affecting Zarf-dev Zarf. Latest disclosed: 2026-04-14. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-29064 | High | 8.2 | 2026-03-06 | Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction al… |
CVE-2026-40090 | High | 7.1 | 2026-04-14 | Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package insp… |