Skip to main content
Version: v1.1.x

CVE-2026-15028

CVE Details

Visit the official vulnerability details page for CVE-2026-15028 to learn more.

Initial Publication

07/10/2026

Last Update

07/13/2026

Third Party Dependency

libarchive

NIST CVE Summary

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.

CVE Severity

3.9

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Awaiting Analysis

Affected Products & Versions

VersionPaletteAIPaletteAI VerteX
1.1.8⚠️ Impacted⚠️ Impacted

Revision History

No revisions available.