CVE-2026-24845

Name of the Vulnerable Software and Affected Versions malcontent versions 0.10.0 through 1.20.3

Description malcontent could reveal Docker registry credentials when scanning a manipulated OCI image reference. The software utilizes google/go-containerregistry for OCI image pulls, which defaults to the Docker credential keychain. A malicious registry could send a WWW-Authenticate header, redirecting token authentication to an attacker-controlled endpoint, potentially transmitting credentials to that endpoint. The issue stems from how malcontent handles OCI image pulls and the default authentication mechanism used by google/go-containerregistry.

Recommendations versions prior to 1.20.3 should be updated to version 1.20.3 or later.