Description
Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAll(tr) and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to gigabytes, causing the Trivy process to be killed by the OS OOM killer. This vulnerability is fixed in 0.71.0.
Published: 2026-06-25
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Trivy, a security scanner, contains a flaw in its Helm chart unpacker that reads tar entries with io.ReadAll without imposing a size limit. An attacker who can supply a malicious .tgz file can craft a small compressed archive that expands to gigabytes when extracted, consuming excessive memory and causing the Trivy process to be terminated by the operating system’s OOM killer. This results in the scanning service becoming unavailable, effectively a denial‑of‑service for any workflow that depends on Trivy’s analysis. The weakness is related to resource exhaustion and uncontrolled allocation, as reflected in the associated CWE-770 and CWE-789 identifiers.

Affected Systems

Aqua Security’s Trivy product is affected. Any Trivy version prior to 0.71.0 is vulnerable, regardless of the environment or deployment method. The vulnerability is tied to the processing of Helm chart archives (files with .tgz extension). Users should verify their installed Trivy version and consider the affected range if an earlier release is in use.

Risk and Exploitability

The CVSS score of 6.9 places this problem in the moderate severity range. No EPSS score is currently available, and the vulnerability is not listed in the CISA KEV catalog. The attack requires an attacker to be able to place a crafted .tgz file in a location that Trivy scans locally, so it is mainly a local or supply‑chain attack vector rather than a remote network‑based exploitation. If an environment trusts the source of Helm charts, the risk is lower; if untrusted archives can be introduced, the risk of service disruption is significant.

Generated by OpenCVE AI on June 25, 2026 at 18:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Trivy to version 0.71.0 or newer, which removes the unbounded read in the tar parser.
  • Restrict the set of files that Trivy scans by deleting or rejecting untrusted Helm chart archives before they are processed.
  • Configure scanning workflows to run in isolated or read‑only environments so that an OOM condition in the scanner cannot affect other critical services.

Generated by OpenCVE AI on June 25, 2026 at 18:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-q3fv-x8vg-qqm4 Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser
History

Thu, 25 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Aquasecurity
Aquasecurity trivy
Vendors & Products Aquasecurity
Aquasecurity trivy

Thu, 25 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAll(tr) and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to gigabytes, causing the Trivy process to be killed by the OS OOM killer. This vulnerability is fixed in 0.71.0.
Title Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser
Weaknesses CWE-770
CWE-789
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Aquasecurity Trivy
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T18:55:50.084Z

Reserved: 2026-06-15T15:30:40.317Z

Link: CVE-2026-54448

cve-icon Vulnrichment

Updated: 2026-06-25T18:55:05.645Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T21:30:11Z

Weaknesses
  • CWE-770

    Allocation of Resources Without Limits or Throttling

  • CWE-789

    Memory Allocation with Excessive Size Value