Inspektor Gadget Completes First Independent Security Audit, Validates Open Source eBPF Observability for Production Use

Cloud Reporter
8 min read

The CNCF eBPF observability toolkit Inspektor Gadget has completed its first independent security audit with no critical vulnerabilities found, giving cloud teams a validated, open source option for Kubernetes and Linux host inspection across multi-cloud environments.

The Cloud Native Computing Foundation (CNCF) project Inspektor Gadget has published results from its first independent security audit, a milestone that confirms the eBPF-based observability toolkit is suitable for production Kubernetes environments and Linux host inspection workflows. Conducted by security firm Shielder via the Open Source Technology Improvement Fund (OSTIF), the audit found no critical or high-severity vulnerabilities, with all identified issues patched in recent releases. For cloud teams evaluating open source observability tools, this audit provides concrete, third-party verified data to inform deployment decisions, particularly for organizations with strict security compliance requirements.

What Changed: Audit Scope, Findings, and Remediation

Inspektor Gadget is a framework and toolkit that uses eBPF (extended Berkeley Packet Filter) technology to collect and inspect data from Kubernetes clusters and Linux hosts. It packages eBPF programs as OCI images (Open Container Initiative standard), which allows distribution via any compliant container registry and deployment using standard container tooling. Unlike observability tools that require application instrumentation, Inspektor Gadget runs its eBPF programs sandboxed in the Linux kernel, so applications continue operating without changes while it collects data on syscalls, network activity, file access, and other system events. Core maintainers include Microsoft engineers Francis Laniel and Mauricio Vasquez, reflecting Microsoft's multi-year commitment to the project and ensuring tight integration with Azure Kubernetes Service (AKS).

The audit was facilitated by the CNCF through OSTIF, a nonprofit that has managed security engagements for over 120 open source projects, uncovering more than 800 vulnerabilities in the past decade. OSTIF engaged Italian security firm Shielder to perform the assessment in early 2026. The research team combined collaborative threat modeling with Inspektor Gadget maintainers, manual source code review, dynamic testing across three dedicated environments (local Linux host, remote daemon deployment, minikube Kubernetes cluster), static analysis using Semgrep and GoSec, and AI-assisted code review for broader coverage.

Audit Findings

The assessment identified three vulnerabilities, none of which were rated critical or high severity. All have been patched in publicly available releases:

  1. CVE-2026-24905: Command Injection in ig image build (Medium) – The process for building gadget OCI images used Makefiles that embedded user-controlled input without proper escaping, creating a command injection vector. This risk is most relevant for CI/CD pipelines that build untrusted gadget images, where an attacker could inject malicious commands into the build process. The issue was fixed in release v0.48.1.

  2. Denial of Service via Event Flooding (Medium) – The eBPF ring buffer used to pass event data from the kernel to user space was hard-coded to 256KB. A malicious container could flood this buffer with events, causing the system to silently drop events from other containers. For teams using Inspektor Gadget for security monitoring, this could allow an attacker to hide malicious activity by overwhelming the event pipeline. The fix was included in release v0.50.1, which makes the ring buffer size configurable and adds backpressure to prevent flooding.

  3. CVE-2026-25996: Unsanitized ANSI Escape Sequences in columns output mode (Low) – When displaying events in terminal column view, Inspektor Gadget did not strip ANSI escape sequences. A compromised container could inject terminal control codes into event output, allowing attackers to manipulate the operator's terminal session, for example by hiding malicious output or executing unintended commands. This was fixed in release v0.49.1.
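The ANSI escape finding above calls for a mitigation that any tool rendering untrusted fields in a terminal needs. The following Go function is an added example written for this article, not code from the Inspektor Gadget project: it strips CSI and OSC sequences and neutralises stray control bytes before a field reaches the column view. The sample input in main is constructed.

```go
package main

import "fmt"

// sanitizeTerminal removes ANSI escape sequences and raw control bytes from an
// untrusted event field (process name, argument, file path) before it is printed
// in a terminal column view. It handles CSI (ESC '[' ... final byte 0x40-0x7E),
// OSC (ESC ']' ... BEL or ESC '\') and any other two-byte ESC sequence; remaining
// C0 bytes and DEL become '?', so a newline or tab cannot forge or shift a row.
func sanitizeTerminal(s string) string {
	out := make([]byte, 0, len(s))
	i := 0
	for i < len(s) {
		c := s[i]
		switch {
		case c == 0x1b && i+1 < len(s) && s[i+1] == '[':
			i += 2 // skip parameter bytes until the final byte
			for i < len(s) && (s[i] < 0x40 || s[i] > 0x7e) {
				i++
			}
			i++ // consume the final byte; truncated input simply ends here
		case c == 0x1b && i+1 < len(s) && s[i+1] == ']':
			i += 2 // skip until BEL or the ESC '\' string terminator
			for i < len(s) && s[i] != 0x07 && !(s[i] == 0x1b && i+1 < len(s) && s[i+1] == '\\') {
				i++
			}
			if i < len(s) && s[i] == 0x1b {
				i++ // ESC '\' is two bytes
			}
			i++ // consume BEL or '\'; truncated input simply ends here
		case c == 0x1b:
			i += 2 // other ESC sequences: drop ESC and the byte after it
		case c < 0x20 || c == 0x7f:
			out = append(out, '?')
			i++
		default:
			out = append(out, c)
			i++
		}
	}
	return string(out)
}

func main() {
	// Constructed sample: colour codes, an OSC title change and a trailing newline.
	field := "nginx\x1b[1;31m -g daemon off;\x1b[0m\x1b]0;title\x07\n"
	fmt.Printf("%q -> %q\n", field, sanitizeTerminal(field))
}
```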

Hardening Recommendations

Beyond specific vulnerabilities, Shielder provided six non-exploit hardening recommendations to reduce the project's long-term attack surface:

  • Enforce TLS by default on TCP listeners: The Inspektor Gadget daemon currently logs a warning and continues operating in plaintext if TLS is not configured. The recommendation is to require an explicit opt-out flag to use unencrypted TCP, preventing accidental exposure of sensitive event data.
  • Pin and verify external dependencies in CI/CD: Several build dependencies were downloaded without hash or signature verification, creating a supply chain risk. The maintainer team has already addressed most of these issues via pull requests.
  • Implement a Kubernetes namespace blocklist: Add functionality to prevent tracing of sensitive namespaces such as kube-system by default, reducing the risk of exposing control plane activity.
  • Restrict remote clients from enabling host-level tracing: Remote requests to enable host-level tracing via the daemon should require additional authentication, or the risk should be clearly documented for operators.
  • Automate third-party vulnerability scanning: Integrate automated dependency scanning into CI/CD pipelines to catch vulnerable dependencies before release.
  • Reduce RBAC permissions on the DaemonSet pod: The current DaemonSet configuration grants nodes/proxy GET permission, which could be used for privilege escalation if a service account token is compromised. This requires coordination with Kubernetes distribution maintainers to avoid breaking existing functionality.

Gadget Bypass Testing

A notable component of the audit was gadget bypass testing, which evaluated whether a compromised container could perform operations without triggering Inspektor Gadget events. The researchers identified six bypass scenarios, including use of newer Linux syscalls not hooked by existing gadgets (such as openat2 instead of openat), evasion via io_uring (an asynchronous I/O interface that bypasses traditional syscall paths), and use of statically linked libraries that avoid dynamically linked syscall wrappers. These findings highlight the ongoing challenge of kernel-level tracing as Linux evolves: no eBPF tool can trace all possible system activity, especially as new kernel interfaces are added. The Inspektor Gadget team has fixed several of these bypasses and is documenting inherent limitations to set clear user expectations.

Provider Comparison: Inspektor Gadget vs Alternative Observability Tools

When evaluating observability tools for Kubernetes and Linux environments, Inspektor Gadget sits alongside several proprietary and open source alternatives. Below is a strategic comparison across key decision factors:

Open Source eBPF Alternatives

  • Cilium: A CNCF project focused on Kubernetes networking and security, Cilium uses eBPF for network policy enforcement and basic observability. It is not purpose-built for general observability or host inspection, making it a poor fit for debugging or incident response use cases where raw system data is required.
  • Falco: A runtime security tool that uses eBPF to detect suspicious activity against pre-built threat detection rules. Falco is optimized for security alerting rather than general observability, so it lacks the flexible data collection capabilities of Inspektor Gadget for custom analysis.
  • Inspektor Gadget: Purpose-built for observability and inspection, it supports a wide range of data collection use cases, from network tracing to file access auditing, with no requirement for application changes.

Proprietary Cloud Provider Tools

All major cloud providers offer eBPF-based observability tools, but these are tied to their specific ecosystems:

  • AWS CloudWatch Container Insights: Uses eBPF for container observability on EKS, but is proprietary with usage-based pricing (charged per container per hour and per GB of data ingested). It does not support non-AWS environments.
  • GCP Cloud Monitoring for GKE: Provides eBPF-based observability for GKE clusters, also proprietary with pricing tied to data ingestion and metric volume. No support for non-GCP Kubernetes distributions.
  • Azure Monitor for Containers: Integrates with Inspektor Gadget directly, since Microsoft maintains the project. AKS users can deploy Inspektor Gadget with native Azure Monitor integration, no additional licensing costs, and support for hybrid AKS deployments (on-prem or edge).

Pricing and Portability

Inspektor Gadget is licensed under Apache 2.0, with no licensing fees. It runs on any Linux host and any Kubernetes distribution, including EKS, GKE, AKS, OpenShift, and on-prem environments. Proprietary tools charge recurring fees that scale with deployment size, creating significant cost overhead for large or multi-cloud environments. For organizations with hybrid or multi-cloud strategies, Inspektor Gadget eliminates vendor lock-in by providing a single tool that works across all infrastructure.

Business Impact: Strategic Considerations for Cloud Teams

The audit results have immediate and long-term implications for organizations deploying or evaluating Inspektor Gadget:

Immediate Action Items

All production users should update to v0.50.1 or later, which includes patches for all three identified vulnerabilities. The update process is low risk, as the fixes are targeted and backward compatible. Teams should also review the hardening recommendations and apply relevant changes, such as enabling TLS for daemon TCP listeners and reducing DaemonSet RBAC permissions, based on their security requirements.

Compliance and Trust

Organizations with compliance obligations (PCI DSS, HIPAA, SOC 2) often require independent security audits for tools used in production. This OSTIF-facilitated audit provides documented evidence of Inspektor Gadget's security posture, addressing common concerns about open source tools being less secure than proprietary alternatives. The fact that all vulnerabilities were patched quickly by maintainers demonstrates an active, responsive development team.

Multi-Cloud and Cost Strategy

For teams with multi-cloud or hybrid infrastructure, Inspektor Gadget reduces operational overhead by providing a single observability tool across all environments. Training, deployment, and maintenance processes can be standardized, rather than managing separate tools for each cloud provider. The lack of licensing fees also reduces total cost of ownership, especially for large-scale deployments where proprietary tool costs can reach six or seven figures annually.

Risk Management

The bypass testing results confirm that Inspektor Gadget should be part of a layered defense strategy, not a single source of truth for security or observability. Teams should combine it with runtime security tools like Falco, network policy tools like Cilium, and application-level observability (Prometheus, Jaeger) to cover gaps in tracing coverage. The maintainer team's transparency about bypass limitations helps teams set realistic expectations for what the tool can and cannot detect.

Migration Considerations

For teams using proprietary eBPF tools, migrating to Inspektor Gadget is straightforward: it uses OCI image packaging, so deployment follows standard container workflows. For teams using non-eBPF observability tools, the primary benefit is no requirement for application instrumentation, which reduces time to visibility for un-instrumented, legacy, or third-party applications. A phased migration approach works best: deploy Inspektor Gadget alongside existing tools, validate data parity, then gradually phase out legacy tools as confidence grows.

The full audit report, CVE details, and release notes are available on the Inspektor Gadget GitHub repository and the project blog.