CVE-2026-29051 | chainguard-dev melange up to 0.43.3 filepath.Separator pkgname path traversal (GHSA-q2pw-xx38-p64j)

A vulnerability classified as critical has been found in chainguard-dev melange up to 0.43.3. Affected by this issue is the function filepath.Separator. This manipulation of the argument pkgname causes path traversal.

The identification of this vulnerability is CVE-2026-29051. The attack can only be executed locally. There is no exploit available.

It is recommended to upgrade the affected component.
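
For code that turns a package name into a filesystem path, the class of check that blocks this kind of traversal looks like the following. This is an added example, not melange's code or its fix; `SafePackagePath`, `ErrUnsafeName` and the base directory are hypothetical names, and the sample inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafeName (hypothetical) marks a package name that could escape the base directory.
var ErrUnsafeName = errors.New("unsafe package name")

// SafePackagePath (hypothetical helper) joins baseDir with an untrusted
// package name and rejects any name that is not a single path element.
func SafePackagePath(baseDir, pkgname string) (string, error) {
	// Reject empty names, dot entries, the OS separator, and both slash
	// styles plus NUL regardless of the platform the check runs on.
	if pkgname == "" || pkgname == "." || pkgname == ".." ||
		strings.ContainsRune(pkgname, filepath.Separator) ||
		strings.ContainsAny(pkgname, "/\\\x00") {
		return "", fmt.Errorf("%w: %q", ErrUnsafeName, pkgname)
	}
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	joined := filepath.Join(base, pkgname)
	// Defence in depth: the cleaned result must still sit under base.
	rel, err := filepath.Rel(base, joined)
	if err != nil || rel == ".." || filepath.IsAbs(rel) ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrUnsafeName, pkgname)
	}
	return joined, nil
}

func main() {
	// Constructed sample names, not taken from the advisory.
	for _, n := range []string{"hello-world", "../outside", "a/b", ".."} {
		p, err := SafePackagePath("/tmp/packages", n)
		fmt.Printf("%-14q -> %q, err=%v\n", n, p, err)
	}
}
```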