VDB
GO-2026-4577
GO-2026-4577
PUBLISHED
malcontent: Nested archive extraction failure can drop content from scan inputs in github.com/chainguard-dev/malcontent
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | chainguard-dev/malcontent | 0, 0 |
Timeline
- Mar 10, 2026 CVE Published
- Mar 23, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/chainguard-dev/malcontent/security/advisories/GHSA-945p-3jhm-6rcp advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-28407 advisory
- https://github.com/chainguard-dev/malcontent/commit/356c56659ccfcad0b249a97de8cf71f151ed3ee9 patch
- https://github.com/chainguard-dev/malcontent/pull/1383 patch