{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/aquasecurity/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:aquasec:trivy:*:*:*:*:*:go:*:*"],"_cs_cves":[{"cvss":6.5,"id":"CVE-2026-54448"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Trivy (\u003c 0.71.0)"],"_cs_severities":["low"],"_cs_tags":["supply-chain","vulnerability","denial-of-service","ci-cd"],"_cs_type":"advisory","_cs_vendors":["Aquasecurity"],"content_html":"\u003cp\u003eTrivy, an open-source vulnerability scanner from Aquasecurity, is affected by CVE-2026-54448, a denial-of-service vulnerability present in versions prior to 0.71.0. This flaw allows an attacker to exhaust system memory and trigger an Out-Of-Memory (OOM) kill of the Trivy process and potentially other co-located processes. The vulnerability occurs when Trivy scans a malicious Helm chart archive (\u003ccode\u003e.tgz\u003c/code\u003e file) as part of configuration, filesystem, or image scans with misconfiguration scanning enabled. Its custom tar unpacker attempts to read each archive entry into memory using \u003ccode\u003eio.ReadAll\u003c/code\u003e without any size limitations. A small, specially crafted compressed archive can decompress to gigabytes of data, rapidly consuming all available RAM. This can lead to CI pipeline failures, service disruptions, and increased cloud resource costs in affected environments. The issue was fixed in Trivy v0.71.0 by replacing the custom unpacker with the official Helm SDK's \u003ccode\u003earchive.LoadArchiveFiles\u003c/code\u003e, which enforces size limits and validates archive structure.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker creates a highly compressed \u003ccode\u003e.tgz\u003c/code\u003e Helm chart archive designed to decompress into an extremely large file, for example, by embedding a large number of null bytes.\u003c/li\u003e\n\u003cli\u003eThe attacker places this crafted \u003ccode\u003e.tgz\u003c/code\u003e file in a location that a vulnerable Trivy instance is configured to scan, such as a repository that a CI pipeline runs \u003ccode\u003etrivy config .\u003c/code\u003e on, or within a container image scanned for misconfigurations.\u003c/li\u003e\n\u003cli\u003eA vulnerable Trivy instance (version \u0026lt; 0.71.0) initiates a scan that includes the path containing the malicious \u003ccode\u003e.tgz\u003c/code\u003e file, for example, via \u003ccode\u003etrivy config \u0026lt;dir\u0026gt;\u003c/code\u003e, \u003ccode\u003etrivy filesystem --scanners misconf \u0026lt;dir\u0026gt;\u003c/code\u003e, or \u003ccode\u003etrivy image --scanners misconf \u0026lt;image\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eTrivy's internal tar unpacker encounters the malicious \u003ccode\u003e.tgz\u003c/code\u003e file and attempts to decompress and parse it as a Helm chart.\u003c/li\u003e\n\u003cli\u003eDue to the unbounded \u003ccode\u003eio.ReadAll\u003c/code\u003e implementation, Trivy attempts to read the entire decompressed (gigabytes-large) archive entry into memory without any size limits.\u003c/li\u003e\n\u003cli\u003eThe Trivy process rapidly consumes all available memory on the host system or CI runner where it is executing, leading to severe memory pressure.\u003c/li\u003e\n\u003cli\u003eThe operating system's Out-Of-Memory (OOM) killer is triggered in response to the memory exhaustion.\u003c/li\u003e\n\u003cli\u003eThe OOM killer forcibly terminates the Trivy process and potentially other processes sharing the same host, resulting in a denial of service (DoS) for the scanning operation and potential disruption to the CI pipeline or affected system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eAn attacker exploiting CVE-2026-54448 can cause a denial of service by exhausting all available memory on the host running the vulnerable Trivy process. This triggers the operating system's OOM killer, which terminates the Trivy process and may also affect other processes sharing the same host or CI runner. In CI/CD environments, the practical impact is that security scans fail, pipelines are blocked, and repeated submissions of malicious archives continue to disrupt operations. Cloud CI runners may also incur additional costs due to prolonged resource consumption attempts. There is no observed impact on the confidentiality or integrity of the scanned system itself, only its availability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Trivy to version \u003ccode\u003ev0.71.0\u003c/code\u003e or later immediately to patch CVE-2026-54448. The fix replaces the vulnerable custom tar unpacker with the official Helm SDK which includes size limits.\u003c/li\u003e\n\u003cli\u003eIf immediate upgrade is not possible, set memory limits (e.g., via cgroups or container runtime configurations) on the Trivy process to bound the blast radius of memory exhaustion.\u003c/li\u003e\n\u003cli\u003eUse the \u003ccode\u003e--skip-dirs\u003c/code\u003e flag to exclude directories containing untrusted Helm chart archives (\u003ccode\u003e.tgz\u003c/code\u003e files) from Trivy scans.\u003c/li\u003e\n\u003cli\u003eAvoid scanning repositories or container images that are known to contain untrusted \u003ccode\u003e.tgz\u003c/code\u003e files when using vulnerable versions of Trivy.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-14T20:24:57Z","date_published":"2026-07-14T20:24:57Z","id":"https://feed.craftedsignal.io/briefs/2026-07-trivy-oom/","summary":"Trivy versions prior to 0.71.0 are vulnerable to CVE-2026-54448, a denial-of-service attack where a crafted Helm chart archive (.tgz) can cause unbounded memory consumption, leading to the OS OOM killer terminating the Trivy process and other services on the host or CI runner.","title":"Trivy Unbounded Read Leads to Denial of Service via Helm Chart Tar Bomb","url":"https://feed.craftedsignal.io/briefs/2026-07-trivy-oom/"}],"language":"en","title":"CraftedSignal Threat Feed - Aquasecurity","version":"https://jsonfeed.org/version/1.1"}