Moderate severity5.9NVD Advisory· Published Jul 1, 2026
oras-go: Oras-go: Information disclosure and arbitrary file access via crafted tarball hardlinks
CVE-2026-50163
Description
oras-go: Oras-go: Information disclosure and arbitrary file access via crafted tarball hardlinks
Affected products
19- osv-coords18 versionspkg:apk/chainguard/oraspkg:apk/chainguard/oras-fipspkg:apk/chainguard/ratifypkg:apk/chainguard/ratify-fipspkg:apk/chainguard/ratify-fips-licensecheckerpkg:apk/chainguard/ratify-fips-sbompkg:apk/chainguard/ratify-fips-schemavalidatorpkg:apk/chainguard/ratify-fips-vulnerabilityreportpkg:apk/chainguard/ratify-licensecheckerpkg:apk/chainguard/ratify-sbompkg:apk/chainguard/ratify-schemavalidatorpkg:apk/chainguard/ratify-vulnerabilityreportpkg:apk/wolfi/oraspkg:apk/wolfi/ratifypkg:apk/wolfi/ratify-licensecheckerpkg:apk/wolfi/ratify-sbompkg:apk/wolfi/ratify-schemavalidatorpkg:apk/wolfi/ratify-vulnerabilityreport
< 1.3.3-r0+ 17 more
- (no CPE)range: < 1.3.3-r0
- (no CPE)range: < 1.3.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.3.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
- (no CPE)range: < 1.4.3-r0
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.