Moderate severityNVD Advisory· Published Feb 27, 2026· Updated Mar 2, 2026
malcontent's nested archive extraction failure can drop content from scan inputs
CVE-2026-28407
Description
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Version 1.21.0 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/chainguard-dev/malcontentGo | < 1.21.0 | 1.21.0 |
Affected products
3- ghsa-coords2 versionspkg:golang/github.com/chainguard-dev/malcontentpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
< 1.21.0+ 1 more
- (no CPE)range: < 1.21.0
- (no CPE)range: < 0.0.20260317T205859-150000.1.152.1
- Range: < 1.21.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-945p-3jhm-6rcpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-28407ghsaADVISORY
- github.com/chainguard-dev/malcontent/commit/356c56659ccfcad0b249a97de8cf71f151ed3ee9ghsax_refsource_MISCWEB
- github.com/chainguard-dev/malcontent/pull/1383ghsax_refsource_MISCWEB
- github.com/chainguard-dev/malcontent/security/advisories/GHSA-945p-3jhm-6rcpghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.