VDB
CVE-2026-25145
CVE-2026-25145
PUBLISHED
CVSS 5.5 MEDIUM
melange has a path traversal in license-path which allows reading files outside workspace
EPSS 0.00% · 0.2th percentile
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
0.00%
0.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| chainguard.dev | melange | 0.14.0, 0.14.0 |
| chainguard | melange | 0.14.0, 0.14.0 |
| chainguard-dev | melange | >= 0.14.0, < 0.40.3, >= 0.14.0, < 0.40.3 |
Timeline
- Feb 4, 2026 CVE Published
- Feb 5, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 12, 2026 Security Advisory
- Feb 14, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
- Feb 20, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
- Feb 25, 2026 EPSS Score