CNNVD-202602-597 Information

CNNVD ID

CNNVD-202602-597

CVE-2026-25121

  • CNNVD Published: 2026-02-04

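Description (translated from Chinese)

apko is an open-source, apk-based OCI image builder from apko. apko versions from 0.14.8 up to, but not including, 1.1.1 contain a security vulnerability. It stems from a path traversal flaw in the dirFS filesystem abstraction layer, which may allow directories or symbolic links to be created outside the intended installation root directory.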

Description (English)

apko is an apk-based OCI image builder. apko versions from 0.14.8 up to, but not including, 1.1.1 contain a security vulnerability that stems from a path traversal flaw in the dirFS filesystem abstraction layer, which could lead to the creation of a directory or a symbolic link outside the expected installation root directory.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

apko

Published

2026-02-04

Last Modified

2026-02-24

References

  • https://github.com/chainguard-dev/apko/commit/d8b7887a968a527791b3c591ae83928cb49a9f14
  • https://github.com/chainguard-dev/apko/security/advisories/GHSA-5g94-c2wx-8pxw
  • https://access.redhat.com/security/cve/cve-2026-25121

Patch

https://github.com/chainguard-dev/apko/releases
