Description
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via `io.Copy` with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's configuration can serve a crafted image containing a decompression bomb that decompresses to an arbitrarily large file. The SHA256 integrity check occurs after the full file is written to disk, meaning the hash mismatch is detected only after the damage (disk exhaustion) has already occurred. This allows the attacker to replace a **legitimate plugin image** without needing to match its signature, because the damage is done before the check runs. Version 2.5.3 contains a patch.
Published: 2026-04-21
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service through disk exhaustion (and possible unauthorized plugin replacement).
Action: Patch
AI Analysis

Impact

OpenBao's OCI plugin downloader performs an unbounded io.Copy when extracting a plugin binary from a container image. An attacker who controls or compromises the OCI registry that the victim's configuration points at can serve a crafted image embedding a decompression bomb: a small compressed layer that expands into an arbitrarily large file. Because the SHA256 integrity check runs only after the file has been fully written, the hash mismatch is detected only after disk space has already been exhausted. The result is a denial of service through disk exhaustion, and the attacker does not need an image that matches the expected digest, since the damage occurs before the digest is ever compared.
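To make the mechanism concrete, the following Go program is an added example written for this page; it is not OpenBao's code, and the function names, the tar entry name "plugin", the synthetic layer and the 1 MiB cap are all assumptions rather than anything taken from the project. It builds a small gzip-compressed tar layer whose single entry expands to 8 MiB of zeros (a constructed decompression bomb), runs it through a copy-then-hash extractor that mirrors the pattern the advisory describes, and then through a hardened extractor that rejects oversize entries up front, caps the copy, and hashes while streaming.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
)

// Sentinel errors so callers (and the tests) can distinguish the verdicts.
var (
	ErrTooLarge     = errors.New("plugin entry exceeds size limit")
	ErrHashMismatch = errors.New("sha256 mismatch")
	ErrNotFound     = errors.New("plugin entry not found in layer")
)

// zeroReader yields an endless stream of zero bytes; it lets us build a large
// entry without allocating it, and zeros compress extremely well under gzip.
type zeroReader struct{}

func (zeroReader) Read(p []byte) (int, error) {
	for i := range p {
		p[i] = 0
	}
	return len(p), nil
}

// buildLayer constructs (synthetically, for this example) a gzip-compressed tar
// layer with one regular-file entry named "plugin" whose body is size zero bytes.
// The header's Size field is honest here; an attacker controls it either way.
func buildLayer(size int64) []byte {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	hdr := &tar.Header{Name: "plugin", Typeflag: tar.TypeReg, Mode: 0o755, Size: size}
	if err := tw.WriteHeader(hdr); err != nil {
		panic(err)
	}
	if _, err := io.CopyN(tw, zeroReader{}, size); err != nil {
		panic(err)
	}
	tw.Close() // tar trailer first, then the gzip footer
	gz.Close()
	return buf.Bytes()
}

// findEntry decompresses the layer and walks the tar stream until it reaches the
// named entry. The returned reader is bounded by the header's Size field only.
func findEntry(layer []byte, name string) (*tar.Reader, *tar.Header, error) {
	gz, err := gzip.NewReader(bytes.NewReader(layer))
	if err != nil {
		return nil, nil, err
	}
	tr := tar.NewReader(gz)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil, nil, ErrNotFound
		}
		if err != nil {
			return nil, nil, err
		}
		if hdr.Name == name {
			return tr, hdr, nil
		}
	}
}

// extractUnbounded mirrors the vulnerable pattern: copy the whole entry to the
// destination (a bytes.Buffer stands in for the on-disk file), and only then hash
// what was written. It returns how many bytes landed before the verdict.
func extractUnbounded(layer []byte, want [sha256.Size]byte, disk *bytes.Buffer) (int64, error) {
	tr, _, err := findEntry(layer, "plugin")
	if err != nil {
		return 0, err
	}
	n, err := io.Copy(disk, tr) // no upper bound: a bomb fills the disk here
	if err != nil {
		return n, err
	}
	if sha256.Sum256(disk.Bytes()) != want { // checked too late
		return n, ErrHashMismatch
	}
	return n, nil
}

// extractBounded is the hardened form: reject an oversize entry from the header
// before writing anything, cap the copy with io.LimitReader so the bound does not
// depend on the tar decoder honouring the header, hash while streaming, and
// compare digests in constant time.
func extractBounded(layer []byte, want [sha256.Size]byte, maxBytes int64, dst io.Writer) (int64, error) {
	tr, hdr, err := findEntry(layer, "plugin")
	if err != nil {
		return 0, err
	}
	if hdr.Size > maxBytes { // cheap early reject; header is attacker data, so not sufficient alone
		return 0, ErrTooLarge
	}
	h := sha256.New()
	n, err := io.Copy(io.MultiWriter(dst, h), io.LimitReader(tr, maxBytes+1))
	if err != nil {
		return n, err
	}
	if n > maxBytes { // the +1 above lets us tell "exactly at the cap" from "over it"
		return n, ErrTooLarge
	}
	if subtle.ConstantTimeCompare(h.Sum(nil), want[:]) != 1 {
		return n, ErrHashMismatch
	}
	return n, nil
}

func main() {
	const bomb = 8 << 20 // 8 MiB of zeros, a constructed decompression bomb
	layer := buildLayer(bomb)
	want := sha256.Sum256([]byte("the legitimate plugin binary")) // expected digest; constructed
	fmt.Printf("layer: %d compressed bytes, expands to %d bytes\n", len(layer), bomb)

	var disk bytes.Buffer
	n, err := extractUnbounded(layer, want, &disk)
	fmt.Printf("unbounded: wrote %d bytes before verdict: %v\n", n, err)

	n, err = extractBounded(layer, want, 1<<20, io.Discard)
	fmt.Printf("bounded:   wrote %d bytes, verdict: %v\n", n, err)
}
```

Run it with `go run` to see the compressed layer come in at a few kilobytes while the unbounded path writes the full 8 MiB before reporting the mismatch, and the bounded path writes nothing. Two caveats carry over to a real implementation: even the bounded form writes up to the cap before the digest verdict, so write to a temporary file and rename it into place only after the hash matches; and archive/tar happens to enforce the header's Size when reading, but the LimitReader keeps the cap independent of that decoder behaviour.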

Affected Systems

This flaw affects every OpenBao deployment that uses the OCI plugin downloader, specifically any instance running a version earlier than 2.5.3. The affected vendor and product are both OpenBao, an open-source identity-based secrets management system.

Risk and Exploitability

The CVSS 3.1 score is 3.1 (Low), vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L: reachable over the network with no privileges, but with high attack complexity, a required user interaction, and an impact confined to availability. The EPSS score is below 1%, the vulnerability is not listed in the CISA KEV catalog, and the SSVC assessment records a public proof of concept that is not automatable. Exploitation requires the ability to control or compromise the OCI registry referenced in the victim's configuration; once a crafted image is served, the unbounded copy fills the disk before the integrity check rejects the image. The crafted plugin is ultimately rejected, but a full disk affects every process sharing that filesystem, so the outage is not confined to the extraction step, and repeated pulls can keep the host unusable.

Generated by OpenCVE AI on April 21, 2026 at 23:10 UTC.

Remediation

Vendor fix: OpenBao 2.5.3 contains a patch (see the description above and GHSA-r65v-xgwc-g56j). No workaround is listed by the vendor.

OpenCVE Recommended Actions

  • Upgrade OpenBao to version 2.5.3 or later, which bounds the amount of data written during extraction.
  • Restrict which OCI registries your OpenBao instance can pull plugin images from: require authentication, use TLS, and treat the registry as part of your trusted supply chain, since the attack needs control of the referenced registry.
  • If you cannot upgrade immediately, avoid pulling plugins from OCI images (or pull only from a registry you control) until you can, and monitor free space on the volume OpenBao extracts plugins to, since disk exhaustion is the observable symptom.

Advisories
Source: GitHub GHSA
ID: GHSA-r65v-xgwc-g56j
Title: OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
History

Fri, 01 May 2026 16:45:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:openbao:openbao:*:*:*:*:*:*:*:*

Wed, 22 Apr 2026 00:00:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 21 Apr 2026 02:45:00 +0000

Type: First Time appeared
Values Added: Openbao; Openbao openbao
Type: Vendors & Products
Values Added: Openbao; Openbao openbao

Tue, 21 Apr 2026 01:15:00 +0000

Type: Description
Values Added: OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via `io.Copy` with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's configuration can serve a crafted image containing a decompression bomb that decompresses to an arbitrarily large file. The SHA256 integrity check occurs after the full file is written to disk, meaning the hash mismatch is detected only after the damage (disk exhaustion) has already occurred. This allows the attacker to replace a **legitimate plugin image** without needing to change its signature. Version 2.5.3 contains a patch.
Type: Title
Values Added: OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
Type: Weaknesses
Values Added: CWE-400, CWE-674, CWE-770
Type: References
Type: Metrics (cvssV3_1)
Values Added: {'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-21T19:49:18.821Z

Reserved: 2026-04-06T22:06:40.516Z

Link: CVE-2026-39396

Vulnrichment

Updated: 2026-04-21T15:57:14.548Z

NVD

Status : Analyzed

Published: 2026-04-21T01:16:06.507

Modified: 2026-05-01T16:36:07.413

Link: CVE-2026-39396

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T23:15:03Z

Weaknesses