CVE-2026-54448
CVE Details
Visit the official vulnerability details page for CVE-2026-54448 to learn more.
Initial Publication
06/25/2026
Last Update
06/26/2026
Third Party Dependency
github.com/aquasecurity/trivy
NIST CVE Summary
Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAll(tr) and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to gigabytes, causing the Trivy process to be killed by the OS OOM killer. This vulnerability is fixed in 0.71.0.
CVE Severity
Our Official Summary
Investigation is ongoing to determine how this vulnerability affects our products.
Status
Analyzed
Affected Products & Versions
| Version | PaletteAI | PaletteAI VerteX |
|---|---|---|
| 1.1.8 | ⚠️ Impacted | ⚠️ Impacted |
Revision History
No revisions available.