CVE-2026-24846 | chainguard-dev malcontent up to 1.20.2 Tar handleSymlink path traversal (GHSA-923j-vrcg-hxwh)

Inserito da Angelo Barbosa | Gen 30, 2026 | CVE

A vulnerability described as critical has been identified in chainguard-dev malcontent up to 1.20.2. This issue affects the function handleSymlink of the component Tar Handler. The manipulation results in path traversal.

This vulnerability is identified as CVE-2026-24846. The attack is only possible with local access. There is not any exploit available.

Upgrading the affected component is recommended.

CVE-2026-24846 | chainguard-dev malcontent up to 1.20.2 Tar handleSymlink path traversal (GHSA-923j-vrcg-hxwh)

Post correlati

CVE-2022-49387 | Linux Kernel up to 5.17.14/5.18.3 watchdog: rzg2l_wdt timer_cycle_us Privilege Escalation

CVE-2024-8690 | Palo Alto Networks Cortex XDR Agent up to 7.9.102-CE on Windows Detection Mechanism expected behavior violation

CVE-2024-39934 | Robotmk up to 2.0.0 Local Privilege Escalation

CVE-2025-0803 | Codezips Gym Management System 1.0 submit_plan_new.php planid sql injection