VDB

GO-2026-4392

GO-2026-4392 PUBLISHED

malcontent OCI image pull credential exfiltration via malicious registry token realm in github.com/chainguard-dev/malcontent

Affected Products

VendorProductVersions
github.comchainguard-dev/malcontent0, 0
github.comchainguard-dev/bincapz0.10.0, 0.10.0

Timeline

  • Feb 19, 2026 CVE Published
  • Feb 19, 2026 CVE Updated
  • May 1, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›