PT-2026-22408 · Unknown · Malcontent

1Seal

·

Published

2026-02-27

·

Updated

2026-03-25

·

CVE-2026-28407

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions malcontent versions prior to 1.21.0
Description malcontent is software designed for identifying supply-chain compromises using context, differential analysis, and YARA. Before version 1.21.0, the software removed nested archives that failed to extract, potentially allowing malicious content to remain undetected. The issue is addressed by preserving these archives to enable a best-effort scan of the archive bytes.
Recommendations Update to version 1.21.0 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-703

Related Identifiers

CVE-2026-28407
GHSA-945P-3JHM-6RCP
GO-2026-4577
SUSE-SU-2026:1042-1

Affected Products

Malcontent