CVE-2026-33481
Published 2026-03-26
Priority: P429 (medium), CVSS 3.1 base score 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.41% (32.5th percentile)
Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives, Syft unpacks those archives into temporary storage and then inspects the unpacked contents. Under normal operation Syft removes the temporary data it writes after completing a scan. This vulnerability affects users of Syft that were scanning content that could cause Syft to fill the temporary storage, which would then cause Syft to raise an error and exit. When the error is triggered, Syft would exit without properly removing the temporary files in use. In our testing this was most easily reproduced by scanning very large artifacts or highly compressed artifacts such as a zipbomb. Because Syft would not clean up its temporary files, the result would be filling temporary file storage, preventing future runs of Syft or other system utilities that rely on temporary storage being available. The patch has been released in v1.42.3. Syft now cleans up temporary files when an error condition is encountered. There are no workarounds for this vulnerability in Syft. Users that find their temporary storage depleted can manually remove the temporary files.
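As an added illustration of the cleanup defect the advisory describes (this is not Syft's code; every name here is hypothetical), the Go program below substitutes a constructed byte quota for the exhausted temporary volume and contrasts a success-path-only cleanup, which leaves unpacked entries behind when the quota error fires, with a deferred cleanup that also runs on the error path.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// unpack writes fake archive entries into dir and fails with an ENOSPC-style
// error once the constructed quota is exceeded, as a zipbomb would a real volume.
func unpack(dir string, sizes []int, quota int) error {
	used := 0
	for i, n := range sizes {
		if used += n; used > quota {
			return fmt.Errorf("write entry-%d: no space left on device", i)
		}
		p := filepath.Join(dir, fmt.Sprintf("entry-%d", i))
		if err := os.WriteFile(p, make([]byte, n), 0o600); err != nil {
			return err
		}
	}
	return nil
}

// scanLeaky mirrors the pre-1.42.3 behaviour: cleanup happens only on the
// success path, so the error return leaves the unpacked entries behind.
func scanLeaky(sizes []int, quota int) (dir string, err error) {
	if dir, err = os.MkdirTemp("", "syft-example-"); err != nil {
		return "", err
	}
	if err = unpack(dir, sizes, quota); err != nil {
		return dir, err // early return skips os.RemoveAll
	}
	return dir, os.RemoveAll(dir)
}

// scanFixed defers the removal so it runs on every exit path (our reconstruction, not Syft's code).
func scanFixed(sizes []int, quota int) (dir string, err error) {
	if dir, err = os.MkdirTemp("", "syft-example-"); err != nil {
		return "", err
	}
	defer os.RemoveAll(dir)
	return dir, unpack(dir, sizes, quota)
}

// leftover reports whether a scan's temp dir is still on disk.
func leftover(dir string) bool {
	_, err := os.Stat(dir)
	return err == nil
}
```

With sizes of 1024, 2048 and 4096 bytes against a 3000-byte quota, scanLeaky returns the quota error and leaves its directory (holding entry-0) behind, while scanFixed returns the same error with nothing left on disk.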
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anchore | syft | < 1.42.3 | 1.42.3 |
| github.com | anchore_syft | >= 0 < 1.42.3 | 1.42.3 |
OSV
Syft improper temporary file cleanup in github.com/anchore/syft
osv·2026-03-23
GHSA
Syft improper temporary file cleanup
ghsa·2026-03-20
CVE-2026-33481 [MEDIUM] CWE-460 Syft improper temporary file cleanup
OSV
Syft improper temporary file cleanup
osv·2026-03-20
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-33481 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-33481: NixOS vulnerability analysis and mitigation
Bugzilla
CVE-2026-33481 k9s: Syft: Denial of Service due to temporary file exhaustion from archive scanning [fedora-43]
bugzilla·2026-03-26·CVSS 5.3
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-33481 k9s: Syft: Denial of Service due to temporary file exhaustion from archive scanning [fedora-42]
bugzilla·2026-03-26·CVSS 5.3
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '42'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently mainta