CVE-2026-54448

ADVISORY - github

Summary

Summary

When Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAll(tr) and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to gigabytes, causing the Trivy process to be killed by the OS OOM killer.

Affected configurations

Exploitation requires the attacker to place a crafted .tgz file in a location that Trivy will scan as a Helm chart. This applies to the following scan targets:

Command Condition
trivy config <dir> Directory contains a crafted .tgz Helm chart (misconfiguration scanning is always enabled)
trivy filesystem --scanners misconf <dir> Directory contains a crafted .tgz Helm chart and --scanners misconf is explicitly enabled
trivy image --scanners misconf <image> Image contains a crafted .tgz Helm chart and --scanners misconf is explicitly enabled

Realistic scenarios include:

  • A CI pipeline that runs trivy config . on a repository where a contributor can submit a pull request containing a crafted chart archive.
  • A pipeline that scans a container image with --scanners misconf, whose build context includes untrusted .tgz files.

Impact

An attacker who satisfies the conditions above can exhaust all available memory on the host running Trivy. The OS OOM killer will terminate the Trivy process and may affect other processes sharing the same host or CI runner.

The practical impact in CI environments is denial of service: the scan fails, the pipeline is blocked, and repeated submissions re-trigger the same condition. Cloud CI runners may also incur additional costs for consumed resources.

There is no impact on confidentiality or integrity of the scanned system.

Patches

Fixed in Trivy v0.71.0 (#10718). The custom tar unpacker was replaced with archive.LoadArchiveFiles from the official helm.sh/helm/v4 SDK, which enforces per-entry and total size limits and validates archive structure. Users should upgrade to v0.71.0 or later.

Workarounds

If upgrading is not immediately possible:

  • Set a memory limit (cgroup/container) on the Trivy process to bound the blast radius.
  • Use --skip-dirs to exclude directories containing untrusted Helm chart archives from the scan.
  • Avoid scanning repositories or images with untrusted .tgz files.

Credits

Reported by @jamesgol.

EPSS Score: 0.0025 (0.162)

Common Weakness Enumeration (CWE)

ADVISORY - github

Uncontrolled Resource Consumption

Allocation of Resources Without Limits or Throttling

Memory Allocation with Excessive Size Value


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in