CVE-2026-28407

Published: Feb 27, 2026

Modified: Mar 2, 2026

PUBLISHED

Description

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent removed nested archives that failed to extract, which could potentially leave malicious content in those archives unscanned. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Version 1.21.0 fixes the issue.

Vendor: chainguard-dev

Product: malcontent

Versions: affected < 1.21.0

Weaknesses (CWE)
