CVE-2026-25996: Terminal Escape Sequence Injection in Inspektor Gadget

Inspektor Gadget (ig) is a toolset for observing and debugging Kubernetes clusters and Linux hosts using eBPF technology. Versions of ig prior to 0.49.1 contain a vulnerability classified as CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences. This vulnerability specifically affects the standard text rendering components of the tool when displaying captured system events.

The core issue resides in the textcolumns formatter utilized by the ig command-line interface. When operators run the tool in the default columns output mode, it extracts fields from eBPF trace events and formats them for tabular display on the standard output stream. The tool processes these string arrays directly without stripping or encoding non-printable characters.

Because eBPF traces operate by capturing events from user-space processes, the data populating these fields originates from untrusted sources. An attacker possessing execution privileges within a monitored container can craft system events containing malicious byte sequences. These sequences are subsequently extracted by the eBPF sensors and passed unmodified to the operator's terminal.

The security impact manifests when the operator's terminal emulator interprets these byte sequences as ANSI control instructions rather than literal text. Attackers can utilize this mechanism to move the terminal cursor, overwrite preceding log entries, and manipulate the visual output of the ig tool. This enables active evasion of real-time monitoring and log spoofing.

The vulnerability stems from the buildFixedString method located in pkg/columns/formatter/textcolumns/output.go. This function is responsible for adjusting the length of string fields extracted from eBPF events to fit the predefined column widths of the terminal output. It handles truncation and ellipsis formatting but explicitly omits any inspection of the byte contents.

In standard observability workflows, a strict trust boundary exists between the telemetry collection system and the monitored workloads. Inspektor Gadget violates this boundary by assuming all string fields populated by eBPF sensors are benign printable characters. Variables such as process names, file paths, and command-line arguments are ingested from the observed kernel structures and treated as safe terminal text.

The vulnerability is triggered by the presence of terminal control characters, specifically the Escape character (ASCII decimal 27, hex 0x1B). When followed by the left bracket [, it forms the Control Sequence Introducer (CSI). Terminal emulators parse the subsequent bytes as instructions for cursor manipulation, screen clearing, or text formatting.

Because buildFixedString does not neutralize CSI sequences, any terminal instruction injected into an eBPF string field is passed raw to the os.Stdout descriptor. The terminal emulator, functioning as designed, executes the control sequence in the context of the user running the ig binary. This architectural oversight effectively bridges an untrusted data source (container system calls) with a sensitive execution environment (the operator's terminal emulator).

To understand the exploitation mechanism, it is necessary to examine how modern VT100-compatible terminal emulators process standard input streams. Terminals operate as state machines that consume byte streams. They continuously distinguish between printable glyphs intended for visual display and control sequences intended for state mutation.

The parsing engine transitions into an instruction-processing state upon encountering the \x1b[ (CSI) sequence. The terminal reads subsequent parameter bytes (typically ASCII digits) and an intermediate byte before a final character dictates the specific operation. For example, the sequence \x1b[1A instructs the terminal to move the cursor up by one line, while \x1b[2K instructs it to erase the entire current line.

Terminal emulators differ in their support for extended escape sequences. While cursor manipulation is universally supported, some emulators implement features like the Operating System Command (OSC) sequence. OSC sequences can be used to modify the terminal window title, interact with the system clipboard, or, in legacy and poorly configured emulators, reflect strings back to the standard input buffer.

The severity of a terminal escape sequence injection vulnerability is directly proportional to the capabilities of the operator's terminal emulator. If an attacker injects a sequence that writes arbitrary data to the terminal's input buffer, they can effectively execute arbitrary commands in the context of the operator. Even restricted terminals remain fully susceptible to cursor manipulation, ensuring log spoofing is a viable attack vector across all environments.

An analysis of the patch introduced in commit d59cf72971f9b7110d9c179dc8ae8b7a11dbd6d2 highlights the exact mechanism used to remediate the vulnerability. Prior to the fix, the buildFixedString function evaluated the input string solely for geometric considerations. If the string exceeded the maximum column length, it was sliced and appended with an ellipsis.

The author addressed the issue by integrating the strconv package from the Go standard library. The patch introduces the strconv.Quote() function immediately before the length evaluation logic. This function safely quotes the provided string, converting non-printable characters and control codes into their literal escaped representations.

func (tf *TextColumnsFormatter[T]) buildFixedString(s string, length int, ellipsis bool) string {
    // [snip] Early returns for empty strings
 
    // Escape the string to avoid the terminal interpreting escape sequences.
    // strconv.Quote adds surrounding quotes, which are then sliced off.
    s = strconv.Quote(s)
    s = s[1 : len(s)-1]
 
    if !tf.options.ShouldTruncate {
        return s
    }
    // [snip] Truncation logic
}

The implementation specifically extracts the inner string by slicing s[1 : len(s)-1]. This removes the double quotes prepended and appended by strconv.Quote(). As a result, an attacker-provided byte 0x1B is converted into the literal four-byte string \x1b. The terminal emulator renders these literal characters visually instead of transitioning into the CSI parsing state.

This fix is robust as it leverages a hardened standard library function explicitly designed for safe string representation. It neutralizes the entire class of terminal injection attacks for the columnar output mode without requiring explicit blacklisting of specific ANSI sequences. It ensures that data extracted via eBPF is strictly treated as printable text by the final display layer.

Exploitation of CVE-2026-25996 requires the attacker to fulfill specific prerequisites. The attacker must possess the ability to execute code or invoke system calls within a container currently monitored by Inspektor Gadget. Concurrently, an administrator or automated system must be actively running the ig client utilizing the default columns rendering output.

The injection payload is delivered by passing strings containing ANSI escape sequences to system interfaces monitored by eBPF sensors. The official proof-of-concept demonstrates this by leveraging file system events. An attacker can write a C program that issues open system calls, directly dictating the filename parameters recorded by the kernel.

// Maliciously access a sensitive file
open("/etc/shadow", O_RDONLY);
 
// Create a file with a name containing escape sequences to hide the previous log entry
// \x1b[1A moves cursor up 1 line
// \x1b[1B moves cursor down
// \x1b[13C moves cursor forward 13 characters
open("/etc\x1b[1A/bashrc\x1b[1B\x1b[13C", O_CREAT | O_WRONLY | O_TRUNC, 0644);

In this exploit chain, the attacker first performs a sensitive operation, such as reading /etc/shadow. This generates an accurate audit log event in the ig output stream. Immediately following this, the attacker creates a file with an intentionally malformed name. This name contains the cursor-up sequence \x1b[1A and subsequent directional commands.

When Inspektor Gadget processes the second event, the terminal emulator moves the cursor up one line, placing it directly over the log entry for the /etc/shadow access. The emulator then renders the remaining characters of the malicious payload, physically overwriting the previous terminal text. The operator observing the output will solely see the spoofed bashrc entry, completely unaware that a sensitive file was accessed.

The primary impact of this vulnerability is a high-integrity compromise of the monitoring interface. By enabling attackers to dictate terminal cursor movements, they can selectively erase, modify, or spoof log entries in real-time. This effectively nullifies the utility of Inspektor Gadget as an auditing and security observation tool, granting attackers the ability to operate invisibly despite active monitoring.

Beyond log spoofing, the vulnerability introduces risks of arbitrary code execution depending on the terminal emulator in use. If an operator utilizes a terminal emulator that supports the reflection of control sequences back to standard input, an attacker can construct payloads that inject shell commands. When the ig process terminates or the operator switches focus, these commands are evaluated by the host shell.

The severity scoring reflects the contextual nature of the vulnerability. The NVD assigned a CVSS v3.1 score of 9.8 (Critical), evaluating the exploitability from a network perspective and assigning High impact to Confidentiality, Integrity, and Availability. This score operates under the assumption that the terminal emulator itself is entirely compromised by the escape sequences.

Conversely, the CVSS v4.0 score provided by the maintainers is 6.9 (Medium). This vector accurately utilizes the Subsequence System concept within CVSS v4.0. It defines the vulnerable system as the ig binary (where impact is zero) and the subsequent system as the terminal emulator (where integrity is impacted). This highlights a core difficulty in evaluating terminal injections: the vulnerability exists in the command-line tool, but the ultimate security failure occurs within the terminal emulator software.

The definitive remediation for CVE-2026-25996 is to update the Inspektor Gadget binary across all administrative workstations and deployment pipelines. Maintainers released version 0.49.1, which implements comprehensive string sanitization using the Go strconv package. Administrators must ensure that the ig tool is updated locally and within any automated observation scripts.

In environments where immediate patching is not technically feasible, a configuration workaround is available. Operators must explicitly avoid using the default columns output mode when observing untrusted workloads. Instead, they should append the -o json flag to all ig commands to force JSON-formatted output.

The JSON output mode inherently mitigates the vulnerability due to the structure of JSON serialization. The Go standard library JSON encoder automatically escapes non-printable characters and control codes to ensure the resulting output remains valid syntax. This architectural characteristic ensures the terminal emulator receives literal escaped strings instead of active CSI byte sequences.

As a defense-in-depth measure, security teams should mandate the use of hardened terminal emulators for administrative tasks. Emulators that disable dangerous sequence extensions (such as window title reflection or clipboard manipulation) limit the blast radius of terminal injection flaws. While hardened terminals do not prevent cursor manipulation and log spoofing, they eliminate the secondary risk of arbitrary command execution.