CVE-2026-33481

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Syft versions prior to 1.42.3

Description Syft did not properly remove temporary files if temporary storage became full during a scan. This occurred when unpacking archives, specifically with large or highly compressed archives. The issue caused Syft to exit without deleting temporary files, leading to depletion of temporary storage and potentially preventing future Syft runs or other system utilities from functioning correctly.

Recommendations Update to version 1.42.3 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-460

Related Identifiers

CLEANSTART-2026-WN01990

CVE-2026-33481

GHSA-RJCW-VG7J-M9RC

GO-2026-4809

SUSE-SU-2026:1135-1

Affected Products

Syft

CVE-2026-33481

Weakness Enumeration

Related Identifiers

Affected Products

References · 216