—
GO-2026-5211
Inspektor Gadget: Command Injection via malicious buildOptions manipulation in github.com/inspektor-gadget/inspektor-gadget
Details
Inspektor Gadget: Command Injection via malicious buildOptions manipulation in github.com/inspektor-gadget/inspektor-gadget
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/inspektor-gadget/inspektor-gadget
Introduced in:
0 Fixed in: 0.51.1 Fix
go get github.com/inspektor-gadget/inspektor-gadget@v0.51.1 References
- https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-79qw-g77v-2vfh [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2026-24905 [ADVISORY]
- https://github.com/inspektor-gadget/inspektor-gadget/commit/7c83ad84ff7a68565655253e2cf1c5d2da695c1a [FIX]
- https://github.com/inspektor-gadget/inspektor-gadget/commit/d9bf2fe4a180dad33ce57ca793ff4799ee7b8320 [FIX]