Bug 2443452 (CVE-2026-28407)

Summary: CVE-2026-28407 malcontent: malcontent: Malicious content may remain unexamined due to improper handling of failed archive extraction.
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in malcontent, a software designed to discover supply-chain compromises. Prior to version 1.21.0, malcontent would remove nested archives that failed to extract, which could potentially leave malicious content unexamined. This oversight could allow an attacker to bypass security scans by crafting archives that fail extraction, thereby introducing uninspected malicious content into the supply chain.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2443783    
Bug Blocks:    

Description OSIDB Bzimport 2026-02-27 22:02:07 UTC 
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Version 1.21.0 fixes the issue.