Path Traversal in Chainguard-dev Malcontent
CVE-2026-24846
malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory w…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.000 (0.6th percentile)
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N.
Affected products
- Chainguard-dev Malcontent — versions >= 1.8.0, < 1.20.3
Weakness classification (CWE)
References
- https://github.com/chainguard-dev/malcontent/security/advisories/GHSA-923j-vrcg-hxwh (x_refsource_CONFIRM)
- https://github.com/chainguard-dev/malcontent/commit/259fca5abc004f3ab238895463ef280a87f30e96 (x_refsource_MISC)
- https://github.com/chainguard-dev/malcontent/commit/a7dd8a5328ddbaf235568437813efa7591e00017 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2026-24846?
  CVE-2026-24846 is a medium-severity vulnerability in Chainguard-dev Malcontent, classified under Path Traversal. CVSS score: 5.5/10. Published 2026-01-29.
- How severe is CVE-2026-24846?
  Medium severity. CVSS v3 base score is 5.5 out of 10.