PatchSiren

Chainguard CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Chainguard CVE published 2026-02-27

CVE-2026-28406

CVE-2026-28406 is a high-severity vulnerability in Kaniko, a tool for building container images from a Dockerfile within a container or Kubernetes cluster. The issue, which exists from version 1.25.4 up to but not including 1.25.10, arises from Kaniko's insecure handling of tar entries during the extraction of build context archives. Specifically, the use of `filepath.Join(dest, cleanedName)` without prop [truncated]
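The truncated sentence above describes a familiar archive-extraction hazard: joining a cleaned entry name onto the destination directory without checking that the resulting path still lies under it. The Go program below is an added example, not Kaniko's code and not part of this debrief, and it assumes (the page's description being cut off) that the defect is an entry name resolving outside the build-context directory. It shows the containment check a defender would want on every tar entry, including symlink and hard-link targets, and walks a constructed in-memory archive without writing to disk. The destination path, entry names and archive contents are all constructed for the demo.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// ErrOutsideDest marks any entry whose resolved path would leave dest.
var ErrOutsideDest = errors.New("tar entry resolves outside destination directory")

// inside reports whether p is dest itself or a path strictly below it.
func inside(dest, p string) bool {
	return p == dest || strings.HasPrefix(p, dest+string(filepath.Separator))
}

// SafeJoin resolves an entry name under dest and rejects it if the cleaned
// result escapes dest. Cleaning the name before Join is not enough on its own:
// Join collapses ".." components, so "a/../../b" still lands in dest's parent.
// The containment check has to run on the final path.
func SafeJoin(dest, name string) (string, error) {
	absDest, err := filepath.Abs(dest)
	if err != nil {
		return "", err
	}
	// Leading slashes are dropped so an absolute entry name is remapped under dest.
	rel := strings.TrimLeft(filepath.ToSlash(name), "/")
	target := filepath.Join(absDest, filepath.FromSlash(rel))
	if !inside(absDest, target) {
		return "", fmt.Errorf("%w: %q", ErrOutsideDest, name)
	}
	return target, nil
}

// SafeLinkTarget checks a symlink entry: the link target, resolved against the
// link's own directory, must also stay inside dest. Absolute targets are refused.
// This is a lexical check; an extractor that writes through links it created
// earlier still needs a filepath.EvalSymlinks check at write time.
func SafeLinkTarget(dest, name, linkname string) (string, error) {
	linkPath, err := SafeJoin(dest, name)
	if err != nil {
		return "", err
	}
	if filepath.IsAbs(linkname) {
		return "", fmt.Errorf("%w: absolute link target %q", ErrOutsideDest, linkname)
	}
	absDest, _ := filepath.Abs(dest)
	resolved := filepath.Join(filepath.Dir(linkPath), filepath.FromSlash(linkname))
	if !inside(absDest, resolved) {
		return "", fmt.Errorf("%w: link %q -> %q", ErrOutsideDest, name, linkname)
	}
	return linkPath, nil
}

// ScanResult lists the destination paths an extractor may create and the entry
// names it must refuse.
type ScanResult struct {
	Accepted []string
	Rejected []string
}

// ScanArchive applies the containment checks to every entry of a tar stream.
func ScanArchive(dest string, r io.Reader) (ScanResult, error) {
	var res ScanResult
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return res, nil
		}
		// With GODEBUG tarinsecurepath=0 the reader flags bad names itself but
		// still returns the header; our own check below covers both settings.
		if err != nil && !errors.Is(err, tar.ErrInsecurePath) {
			return res, err
		}
		var target string
		switch hdr.Typeflag {
		case tar.TypeSymlink:
			target, err = SafeLinkTarget(dest, hdr.Name, hdr.Linkname)
		case tar.TypeLink: // hard-link targets are archive-relative: same check as a name
			if _, err = SafeJoin(dest, hdr.Linkname); err == nil {
				target, err = SafeJoin(dest, hdr.Name)
			}
		default:
			target, err = SafeJoin(dest, hdr.Name)
		}
		if errors.Is(err, ErrOutsideDest) {
			res.Rejected = append(res.Rejected, hdr.Name)
			continue
		}
		if err != nil {
			return res, err
		}
		res.Accepted = append(res.Accepted, target)
	}
}

// buildSampleArchive writes a constructed in-memory tar (sample data, not from
// the page) mixing benign entries with ones that try to leave dest.
func buildSampleArchive() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	add := func(name string, typ byte, link, body string) {
		hdr := &tar.Header{Name: name, Typeflag: typ, Linkname: link, Mode: 0o644, Size: int64(len(body))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write([]byte(body)); err != nil {
			panic(err)
		}
	}
	add("Dockerfile", tar.TypeReg, "", "FROM scratch\n")
	add("app/../app.txt", tar.TypeReg, "", "ok\n")      // cleans to app.txt, stays inside
	add("../outside.txt", tar.TypeReg, "", "bad\n")     // escapes dest
	add("/abs.txt", tar.TypeReg, "", "abs\n")           // absolute name, remapped under dest
	add("link-in", tar.TypeSymlink, "Dockerfile", "")   // symlink staying inside dest
	add("link-out", tar.TypeSymlink, "../../secret", "") // symlink escaping dest
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	res, err := ScanArchive("/tmp/build-context", bytes.NewReader(buildSampleArchive()))
	if err != nil {
		panic(err)
	}
	fmt.Println("accepted:", res.Accepted)
	fmt.Println("rejected:", res.Rejected)
}
```

Running it lists four accepted paths under /tmp/build-context and two rejected entries (`../outside.txt` and `link-out`). The design point is that the check is made on the fully joined, cleaned path rather than on the entry name, so it does not depend on spotting `..` or leading slashes in the input.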