diff --git a/advisories/github-reviewed/2026/04/GHSA-rmx9-2pp3-xhcr/GHSA-rmx9-2pp3-xhcr.json b/advisories/github-reviewed/2026/04/GHSA-rmx9-2pp3-xhcr/GHSA-rmx9-2pp3-xhcr.json index 107d10fd71a6e..b42bd345b40d9 100644 --- a/advisories/github-reviewed/2026/04/GHSA-rmx9-2pp3-xhcr/GHSA-rmx9-2pp3-xhcr.json +++ b/advisories/github-reviewed/2026/04/GHSA-rmx9-2pp3-xhcr/GHSA-rmx9-2pp3-xhcr.json 
@@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-rmx9-2pp3-xhcr", - "modified": "2026-04-27T16:15:24Z", + "modified": "2026-05-05T10:00:00Z", "published": "2026-04-21T16:25:19Z", "aliases": [ "CVE-2026-25542" ], "summary": "Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching", - "details": "## Summary\n\nThe Trusted Resources verification system matches a resource source string (`refSource.URI`) against `spec.resources[].pattern` using Go's `regexp.MatchString`. In Go, `regexp.MatchString` reports a match if the pattern matches **anywhere** in the input string. As a result, common unanchored patterns—including examples found in Tekton documentation—can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This may cause an unintended policy match and alter which verification mode or keys are applied.\n\n## Affected Component\n\n- **Repository:** \n- **Commit:** `0133513db03dadb3cb08301d6b0330badcb63830`\n- **Call site:** `pkg/trustedresources/verify.go:118–137` (`getMatchedPolicies`)\n\n## Impact\n\nAn attacker can craft a Trusted Resources source string that embeds a trusted substring and still matches an unanchored `VerificationPolicy` `spec.resources[].pattern`, even if the policy is intended to constrain matches to a specific trusted source. This occurs because `regexp.MatchString` succeeds on substring matches. 
For example, a pattern such as `https://github.com/tektoncd/catalog.git` would match an attacker-controlled source like `https://evil.com/?x=https://github.com/tektoncd/catalog.git`.\n\n**Affected:** Deployments using Trusted Resources verification with unanchored `VerificationPolicy` patterns, where an attacker can influence the `refSource.URI` value used for policy matching.\n\n**Not affected:** Deployments that anchor all patterns (`^...$`) or otherwise enforce full-string matching; deployments where attackers cannot influence `refSource.URI`.\n\n## Reproduction\n\n### Canonical (Demonstrates Vulnerability)\n\n```bash\nunzip -q -o poc.zip -d /tmp/poc-tekton-regex-001\ncd /tmp/poc-tekton-regex-001/poc-F-TEKTON-REGEX-001\nbash ./run.sh canonical | tee /tmp/tekton-regex-001-canonical.log\n```\n\n- **Expected (secure):** Capability not reached; canonical does not emit vulnerability markers.\n- **Actual (vulnerable):** Capability reached; canonical emits vulnerability markers.\n- **Canonical markers (mandatory):** `[CALLSITE_HIT]` + `[PROOF_MARKER]`\n\n### Negative Control\n\n```bash\nbash ./run.sh control | tee /tmp/tekton-regex-001-control.log\n```\n\n- **Expected:** Capability not reached under the same harness; control emits the control marker and does not emit vulnerability markers.\n- **Control markers (mandatory):** `[CALLSITE_HIT]` + `[NC_MARKER]`\n\n### Verification\n\n```bash\ngrep -n '\\[PROOF_MARKER\\]' /tmp/tekton-regex-001-canonical.log \\\n && grep -n '\\[NC_MARKER\\]' /tmp/tekton-regex-001-control.log \\\n && ! grep -n '\\[PROOF_MARKER\\]' /tmp/tekton-regex-001-control.log\n```\n\n## Suggested Fix\n\nIt is recommended to make matching safe-by-default by requiring full-string matches, or by validating patterns and clearly documenting substring semantics. Possible approaches include:\n\n1. **Anchor patterns before matching** — e.g., wrap `pattern` as `^(?:pattern)$` when not already anchored.\n2. **Introduce a separate field** for exact match vs. 
regex match semantics.\n3. **Document substring semantics explicitly** and update all documentation examples to include anchors.\n\nA fix is considered accepted when, under the same harness, the canonical test still hits `[CALLSITE_HIT]` but **does not** emit `[PROOF_MARKER]`.\n\n## Workarounds\n\nAnchor all `VerificationPolicy` resource patterns so they must match the full source string. For example:\n\n```yaml\npattern: \"^https://github\\\\.com/tektoncd/catalog\\\\.git$\"\n```\n\n## Proof Bundle\n\n- **Bundle:** [poc.zip](https://github.com/user-attachments/files/24833926/poc.zip)\n- **Convention:** The zip extracts under a single top-level folder (`poc-F-TEKTON-REGEX-001/`) to avoid collisions.\n- **Contains:** `canonical.log`, `control.log`, `witness.txt`\n- **Extracted paths:** `./poc/poc-F-TEKTON-REGEX-001/canonical.log`, `./poc/poc-F-TEKTON-REGEX-001/control.log`, `./poc/poc-F-TEKTON-REGEX-001/witness.txt`\n- **Integrity verification:** Compare `shasum -a 256` for `canonical.log`, `control.log`, `fix.patch`, and test source against `witness.txt`.\n\n> **Note:** If a supported integration uses verified HTTPS app-links or universal links only, provide the supported tag or branch and retesting on that pin can be arranged.", + "details": "## Summary\n\nThe Trusted Resources verification system matches a resource source string (`refSource.URI`) against `spec.resources[].pattern` using Go's `regexp.MatchString`. In Go, `regexp.MatchString` reports a match if the pattern matches **anywhere** in the input string. As a result, common unanchored patterns\u2014including examples found in Tekton documentation\u2014can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. 
This may cause an unintended policy match and alter which verification mode or keys are applied.\n\n## Affected Component\n\n- **Repository:** \n- **Commit:** `0133513db03dadb3cb08301d6b0330badcb63830`\n- **Call site:** `pkg/trustedresources/verify.go:118\u2013137` (`getMatchedPolicies`)\n\n## Impact\n\nAn attacker can craft a Trusted Resources source string that embeds a trusted substring and still matches an unanchored `VerificationPolicy` `spec.resources[].pattern`, even if the policy is intended to constrain matches to a specific trusted source. This occurs because `regexp.MatchString` succeeds on substring matches. For example, a pattern such as `https://github.com/tektoncd/catalog.git` would match an attacker-controlled source like `https://evil.com/?x=https://github.com/tektoncd/catalog.git`.\n\n**Affected:** Deployments using Trusted Resources verification with unanchored `VerificationPolicy` patterns, where an attacker can influence the `refSource.URI` value used for policy matching.\n\n**Not affected:** Deployments that anchor all patterns (`^...$`) or otherwise enforce full-string matching; deployments where attackers cannot influence `refSource.URI`.\n\n## Reproduction\n\n### Canonical (Demonstrates Vulnerability)\n\n```bash\nunzip -q -o poc.zip -d /tmp/poc-tekton-regex-001\ncd /tmp/poc-tekton-regex-001/poc-F-TEKTON-REGEX-001\nbash ./run.sh canonical | tee /tmp/tekton-regex-001-canonical.log\n```\n\n- **Expected (secure):** Capability not reached; canonical does not emit vulnerability markers.\n- **Actual (vulnerable):** Capability reached; canonical emits vulnerability markers.\n- **Canonical markers (mandatory):** `[CALLSITE_HIT]` + `[PROOF_MARKER]`\n\n### Negative Control\n\n```bash\nbash ./run.sh control | tee /tmp/tekton-regex-001-control.log\n```\n\n- **Expected:** Capability not reached under the same harness; control emits the control marker and does not emit vulnerability markers.\n- **Control markers (mandatory):** `[CALLSITE_HIT]` + 
`[NC_MARKER]`\n\n### Verification\n\n```bash\ngrep -n '\\[PROOF_MARKER\\]' /tmp/tekton-regex-001-canonical.log \\\n && grep -n '\\[NC_MARKER\\]' /tmp/tekton-regex-001-control.log \\\n && ! grep -n '\\[PROOF_MARKER\\]' /tmp/tekton-regex-001-control.log\n```\n\n## Suggested Fix\n\nIt is recommended to make matching safe-by-default by requiring full-string matches, or by validating patterns and clearly documenting substring semantics. Possible approaches include:\n\n1. **Anchor patterns before matching** \u2014 e.g., wrap `pattern` as `^(?:pattern)$` when not already anchored.\n2. **Introduce a separate field** for exact match vs. regex match semantics.\n3. **Document substring semantics explicitly** and update all documentation examples to include anchors.\n\nA fix is considered accepted when, under the same harness, the canonical test still hits `[CALLSITE_HIT]` but **does not** emit `[PROOF_MARKER]`.\n\n## Workarounds\n\nAnchor all `VerificationPolicy` resource patterns so they must match the full source string. For example:\n\n```yaml\npattern: \"^https://github\\\\.com/tektoncd/catalog\\\\.git$\"\n```\n\n## Proof Bundle\n\n- **Bundle:** [poc.zip](https://github.com/user-attachments/files/24833926/poc.zip)\n- **Convention:** The zip extracts under a single top-level folder (`poc-F-TEKTON-REGEX-001/`) to avoid collisions.\n- **Contains:** `canonical.log`, `control.log`, `witness.txt`\n- **Extracted paths:** `./poc/poc-F-TEKTON-REGEX-001/canonical.log`, `./poc/poc-F-TEKTON-REGEX-001/control.log`, `./poc/poc-F-TEKTON-REGEX-001/witness.txt`\n- **Integrity verification:** Compare `shasum -a 256` for `canonical.log`, `control.log`, `fix.patch`, and test source against `witness.txt`.\n\n> **Note:** If a supported integration uses verified HTTPS app-links or universal links only, provide the supported tag or branch and retesting on that pin can be arranged.", "severity": [ { "type": "CVSS_V3", 
@@ -28,7 +28,83 @@ "introduced": "0.43.0" }, { - "fixed": "1.11.0" + "fixed": "1.0.2" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Go", + "name": "github.com/tektoncd/pipeline" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.1.0" + }, + { + "fixed": "1.3.4" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Go", + "name": "github.com/tektoncd/pipeline" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.4.0" + }, + { + "fixed": "1.6.2" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Go", + "name": "github.com/tektoncd/pipeline" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.7.0" + }, + { + "fixed": "1.9.3" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Go", + "name": "github.com/tektoncd/pipeline" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.10.0" + }, + { + "fixed": "1.11.1" } ] } @@ -58,7 +134,7 @@ }, { "type": "WEB", - "url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.0" + "url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1" } ], "database_specific": { @@ -70,4 +146,4 @@ "github_reviewed_at": "2026-04-21T16:25:19Z", "nvd_published_at": "2026-04-21T17:16:24Z" } -} \ No newline at end of file +}
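Review bot: In the first hunk (`@@ -1,13 +1,13 @@`), the only substantive change to `details` is that the em-dash and en-dash characters are now written as the JSON escapes `\u2014` and `\u2013`; the text itself is unchanged, so the `modified` timestamp (bumped to the round value `2026-05-05T10:00:00Z`) should reflect when the version ranges were actually re-cut rather than a hand-typed placeholder. Since this line is being touched anyway, a few defects carried over from the old `details` are worth fixing in the same change: the `- **Repository:** ` bullet is empty in both versions (the affected package in this same patch is `github.com/tektoncd/pipeline`, so the repository can be named there); the `**Contains:**` bullet lists only `canonical.log`, `control.log` and `witness.txt` while `**Integrity verification:**` asks the reader to check `fix.patch` and "test source" against `witness.txt`, so either those files are in the bundle and should be listed or the checklist should drop them; the `**Extracted paths:**` bullet uses `./poc/poc-F-TEKTON-REGEX-001/...` while the Reproduction block extracts to `/tmp/poc-tekton-regex-001/poc-F-TEKTON-REGEX-001`; and the trailing `> **Note:**` about "verified HTTPS app-links or universal links" reads as template text for a mobile deep-link class of issue and does not apply to a Tekton `VerificationPolicy` regex advisory, so it should be removed.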
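Review bot: In the second hunk (`@@ -28,7 +28,83 @@`), the single range `0.43.0` to `1.11.0` is replaced by five per-branch ranges (`0.43.0`→`1.0.2`, `1.1.0`→`1.3.4`, `1.4.0`→`1.6.2`, `1.7.0`→`1.9.3`, `1.10.0`→`1.11.1`), which is the right shape for a fix backported to several release lines, but it needs two things confirmed before merge: that each `fixed` version named here is a published release containing the fix (a consumer on, say, `1.0.2` or `1.3.4` will be told it is unaffected on the strength of these entries alone), and that no release exists between a `fixed` version and the next `introduced` version (for example between `1.0.2` and `1.1.0`) that still carries the vulnerable `regexp.MatchString` call, since the gaps between ranges are reported as not affected. The repeated `"package"` object per range is valid OSV, though the five identical `package` blocks could be one `affected` entry with a single `ranges` list if the schema consumer accepts multiple `introduced`/`fixed` pairs in one `ECOSYSTEM` range.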
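Review bot: In the third hunk (`@@ -58,7 +134,7 @@`), only the `v1.11.0` release reference is rewritten to `v1.11.1`, but the previous hunk now names four additional fixed versions (`1.0.2`, `1.3.4`, `1.6.2`, `1.9.3`) and none of them gets a `"type": "WEB"` reference; if those release tags exist, add one `https://github.com/tektoncd/pipeline/releases/tag/v...` entry for each so that every `fixed` version in the advisory is backed by a reference, and if they do not yet exist the ranges in the previous hunk should not be merged ahead of them.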