HIGH
Chainguard
CVE published 2026-02-27
CVE-2026-28406
CVE-2026-28406 is a high-severity vulnerability in Kaniko, a tool for building container images from a Dockerfile within a container or Kubernetes cluster. The issue, which exists from version 1.25.4 up to but not including 1.25.10, arises from Kaniko's insecure handling of tar entries during the extraction of build context archives. Specifically, the use of `filepath.Join(dest, cleanedName)` without prop [truncated]
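The join pattern named in the description, as an added Go example (not Kaniko's code and not its fix): `filepath.Join` normalizes `..` segments but does not keep the result under `dest`, so an extractor needs a separate containment check. `naiveJoin`, `safeJoin`, `rejectedEntries`, the `/workspace` destination and the entry names are hypothetical and constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// naiveJoin: Join cleans ".." segments but does not keep the result under dest.
func naiveJoin(dest, name string) string { return filepath.Join(dest, filepath.Clean(name)) }

// safeJoin (hypothetical helper) refuses entries that resolve outside dest.
func safeJoin(dest, name string) (string, error) {
	rel, err := filepath.Rel(dest, filepath.Join(dest, name))
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("tar entry %q escapes %q", name, dest)
	}
	return filepath.Join(dest, rel), nil
}

// rejectedEntries builds a constructed in-memory tar from names, reads it
// back, and returns the entry names that safeJoin refuses for dest.
func rejectedEntries(dest string, names ...string) ([]string, error) {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, n := range names {
		tw.WriteHeader(&tar.Header{Name: n, Mode: 0o644, Typeflag: tar.TypeReg})
	}
	tw.Close()
	var rejected []string
	for tr := tar.NewReader(&buf); ; {
		hdr, err := tr.Next()
		if err == io.EOF {
			return rejected, nil
		}
		if err != nil && !errors.Is(err, tar.ErrInsecurePath) { // header is still returned
			return rejected, err
		}
		if _, jerr := safeJoin(dest, hdr.Name); jerr != nil {
			rejected = append(rejected, hdr.Name)
		}
	}
}

func main() { fmt.Println(naiveJoin("/workspace", "../outside.txt")) }
```

The containment check is purely lexical; it does not account for symlinks that already exist under the destination directory.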