CVE-2026-28407
Received Received - Intake
Improper Archive Handling in malcontent Allows Malicious Content Retention

Publication date: 2026-02-27

Last updated on: 2026-03-03

Assigner: GitHub, Inc.

Description
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Version 1.21.0 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-03-03
Generated
2026-06-16
AI Q&A
2026-02-28
EPSS Evaluated
2026-06-14
NVD
CVE-2026-28407
EUVD
EUVD-2026-9078
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
chainguard malcontent to 1.21.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-703 The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in malcontent prior to version 1.21.0 involves the software removing nested archives that failed to extract. This behavior could potentially leave malicious content undetected because those nested archives were discarded instead of being scanned.

The improved approach, implemented in version 1.21.0, preserves these nested archives so that malcontent can attempt a best-effort scan of the archive bytes, reducing the risk of missing malicious content.

Impact Analysis

This vulnerability can impact you by allowing malicious content hidden within nested archives to go undetected during supply-chain compromise scans. Since malcontent would remove nested archives that failed to extract, any malware or malicious code inside those archives might remain unnoticed, increasing the risk of a supply-chain attack.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, upgrade malcontent to version 1.21.0 or later, as this version fixes the issue by preserving nested archives that fail to extract, allowing for a more thorough scan of potentially malicious content.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28407. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart