CVE-2026-29051 Overview
CVE-2026-29051 is a path traversal vulnerability in Chainguard Melange, a tool that allows users to build APK packages using declarative pipelines. The vulnerability exists in versions 0.32.0 through 0.43.3 and affects the --persist-lint-results functionality used during package linting and building operations.
When the --persist-lint-results flag is enabled (either via melange lint or melange build), the tool constructs output file paths by joining --out-dir with arch and pkgname values read from the .PKGINFO control file of the APK being processed. In affected versions, these values were not validated for path separators or .. sequences, allowing an attacker to write JSON lint report files to arbitrary locations on the filesystem.
Critical Impact
An attacker who can supply a malicious APK to a melange-based lint/build pipeline can write attacker-influenced JSON content to arbitrary .json paths, potentially clobbering other JSON artifacts on the filesystem.
Affected Products
- Chainguard Melange versions 0.32.0 to 0.43.3
Discovery Timeline
- 2026-04-24 - CVE-2026-29051 published to NVD
- 2026-04-27 - Last updated in NVD database
Technical Details for CVE-2026-29051
Vulnerability Analysis
This path traversal vulnerability (CWE-22) occurs in the pkg/linter/results.go file within the Melange codebase. The vulnerability is triggered when an attacker supplies a crafted APK package containing malicious .PKGINFO metadata with path traversal sequences in the arch or pkgname fields.
The attack requires local access and user interaction (specifically, an administrator or CI system must process the malicious APK with the --persist-lint-results flag enabled). While there is no direct code execution path, the ability to write attacker-influenced JSON content to arbitrary filesystem locations could be leveraged to overwrite configuration files, corrupt build artifacts, or manipulate CI/CD pipeline outputs.
The vulnerability is limited in scope because the --persist-lint-results flag is disabled by default, meaning only deployments that explicitly enable this feature are affected. The written files are always JSON lint reports with a specific naming pattern (lint-<pkgname>-<pkgver>-r<epoch>.json), and the file content is only partially attacker-controlled.
Root Cause
The root cause is insufficient input validation when constructing file paths from user-supplied data in the .PKGINFO control file. The arch and pkgname fields were directly used in path construction without sanitization, allowing directory traversal sequences like .. or absolute path separators to escape the intended output directory.
Attack Vector
An attacker exploits this vulnerability by:
- Crafting a malicious APK package with path traversal sequences in the .PKGINFO file's pkgname or arch fields
- Submitting this APK to a CI pipeline, build-as-a-service platform, or any system that processes third-party APKs using Melange
- Waiting for that system to run melange lint --persist-lint-results or melange build --persist-lint-results, at which point the malicious path components cause the JSON output file to be written outside the intended directory
The following patch in pkg/linter/results.go (commit 84f3b45) adds validation to prevent path traversal:
"fmt"
"os"
"path/filepath"
+ "strings"
"github.com/chainguard-dev/clog"
"chainguard.dev/melange/pkg/config"
"chainguard.dev/melange/pkg/linter/types"
)
+// containsPathTraversal checks if a string contains path traversal sequences
+// or path separators that could be used to escape the intended directory.
+func containsPathTraversal(s string) bool {
+ return strings.Contains(s, "..") ||
+ strings.Contains(s, string(filepath.Separator)) ||
+ strings.Contains(s, "/")
+}
// saveLintResults saves the lint results to JSON files in the packages directory
func saveLintResults(ctx context.Context, cfg *config.Configuration, results map[string]*types.PackageLintResults, outputDir, arch string) error {
log := clog.FromContext(ctx)
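Review bot: containsPathTraversal rejects any value containing ".." anywhere, not only a ".." path element, so a name that merely contains two consecutive dots is refused as well; if that strictness is intended, state it in the doc comment, otherwise split on the separator and compare each element to "..". On non-Windows hosts filepath.Separator is "/", so the third clause strings.Contains(s, "/") duplicates the second there and only adds coverage on Windows, which the comment could say. The hunk also ends before the call site in saveLintResults, so where arch and each pkgname are checked and the error is returned is not visible in this excerpt.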
Source: GitHub Commit Changes
Detection Methods for CVE-2026-29051
Indicators of Compromise
- Unexpected JSON files appearing outside the designated Melange output directories
- Lint result files (lint-*-r*.json) in unusual filesystem locations
- Modified or corrupted JSON configuration files in CI/CD environments
- APK packages with suspicious .PKGINFO content containing .. or / in package names
Detection Strategies
- Monitor filesystem write operations for Melange processes writing to paths outside expected output directories
- Implement file integrity monitoring on critical JSON configuration files in build environments
- Audit APK packages submitted to build pipelines for path traversal sequences in .PKGINFO metadata
- Review CI/CD logs for unusual file path patterns in Melange lint output
Monitoring Recommendations
- Enable comprehensive logging for all Melange build and lint operations in CI/CD pipelines
- Set up alerts for filesystem modifications in directories outside the designated build output paths
- Implement APK metadata validation as a pre-processing step before passing packages to Melange
- Monitor for changes to critical system or application JSON files during build processes
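The following Go program is an added example, not Melange's own code: it parses a constructed .PKGINFO, shows how the pre-fix path join described in the root cause section lets an arch value escape --out-dir, applies the same containsPathTraversal rule the 0.43.4 fix introduced, and adds an escapesDir check of the kind the detection and monitoring lists above call for. The outDir/arch/lint-<pkgname>-<pkgver>.json layout, the sample .PKGINFO values and the escapesDir helper are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Constructed sample .PKGINFO (not from a real package): arch carries a traversal sequence.
const samplePkgInfo = "# Generated by abuild\npkgname = hello\npkgver = 1.0.0-r0\narch = ../../../../tmp/evil\n"

// parsePkgInfo reads the "key = value" lines of a .PKGINFO control file.
func parsePkgInfo(s string) map[string]string {
	kv := map[string]string{}
	for _, line := range strings.Split(s, "\n") {
		if k, v, ok := strings.Cut(line, "="); ok && !strings.HasPrefix(line, "#") {
			kv[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return kv
}

// containsPathTraversal applies the 0.43.4 rule: reject ".." and any separator.
func containsPathTraversal(s string) bool {
	return strings.Contains(s, "..") || strings.ContainsAny(s, "/"+string(filepath.Separator))
}

// lintResultPath builds <outDir>/<arch>/lint-<pkgname>-<pkgver>.json (assumed layout); validate=false is the pre-fix behaviour.
func lintResultPath(outDir string, info map[string]string, validate bool) (string, error) {
	arch, name, ver := info["arch"], info["pkgname"], info["pkgver"]
	if validate && (containsPathTraversal(arch) || containsPathTraversal(name)) {
		return "", errors.New("refusing .PKGINFO value containing a path traversal sequence")
	}
	return filepath.Join(outDir, arch, fmt.Sprintf("lint-%s-%s.json", name, ver)), nil
}

// escapesDir reports whether p resolves outside dir: the check to run over candidate output paths or observed file writes.
func escapesDir(dir, p string) bool {
	rel, err := filepath.Rel(dir, p)
	return err != nil || rel == ".." || strings.HasPrefix(rel, "../")
}

func main() {
	info := parsePkgInfo(samplePkgInfo)
	p, _ := lintResultPath("/build/out", info, false)
	fmt.Println(p, escapesDir("/build/out", p)) // pre-fix join lands in /tmp/evil
	_, err := lintResultPath("/build/out", info, true)
	fmt.Println(err) // fixed behaviour: the report is refused
}
```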
How to Mitigate CVE-2026-29051
Immediate Actions Required
- Upgrade Chainguard Melange to version 0.43.4 or later immediately
- Audit any existing build pipelines that process third-party APKs with the --persist-lint-results flag
- Review filesystem permissions for Melange processes to limit write access scope
- Inspect build directories for any unexpected JSON files that may indicate prior exploitation
Patch Information
The vulnerability is fixed in Melange version 0.43.4. The fix adds the containsPathTraversal() function in pkg/linter/results.go that validates arch and pkgname values for .., /, and filepath.Separator characters before constructing output paths.
For detailed patch information, see:
Workarounds
- Remove the --persist-lint-results flag from all Melange commands when processing untrusted APKs
- Run Melange as a low-privileged user with minimal filesystem write permissions
- Confine Melange write operations to an isolated directory using containers or sandboxing
- Implement input validation on APK metadata before processing with Melange
# Configuration example - Run Melange in a restricted container.
# The config file is mounted read-only into the working directory so the
# container can see melange.yaml; only /output is writable, and
# --persist-lint-results is deliberately omitted.
docker run --rm \
  --read-only \
  --tmpfs /tmp \
  -v /path/to/melange.yaml:/work/melange.yaml:ro \
  -v /path/to/output:/output:rw \
  -w /work \
  -u nobody \
  chainguard/melange:v0.43.4 build \
  --out-dir /output \
  melange.yaml
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.