All 5 CVE vulnerabilities found in apko, with AI-generated Chinese analysis, references, and POCs.
Vendor: chainguard-dev
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25140 | apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams CWE-400 | 7.5 | High | 2026-02-04 |
| CVE-2026-25121 | apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base CWE-23 | 7.5 | High | 2026-02-04 |
| CVE-2026-25122 | apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams CWE-400 | 5.5 | Medium | 2026-02-04 |
| CVE-2025-53945 | apko has incorrect permission (0666) in /etc/ld.so.cache and other files CWE-276 | 7.0 | High | 2025-07-18 |
| CVE-2024-36127 | apko Exposure of HTTP basic auth credentials in log output CWE-522 | 7.5 | High | 2024-06-03 |
All 5 known CVE vulnerabilities affecting apko with full Chinese analysis, references, and POCs where available.