Packer is a software for creating identical machine images or containers for multiple platforms from a single source configuration.

Packer

Gitea is an open-source forge software package for hosting software development version control using Git, as well as other collaborative features like bug tracking, wikis, and code review.

Gitea

Wolfi is a community Linux OS designed for the container and cloud-native era; it is a Linux distribution based on Alpine.

Wolfi

Chainguard is a Linux distribution based on Alpine. It's the commercial version of the Wolfi distro.

Chainguard

### Impact
A vulnerability has been identified in which a maliciously crafted `.idx` file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service (DoS) condition.
Exploitation requires write access to the local repository's `.git` directory, it order to create or alter existing `.idx` files. 
### Patches
Users should upgrade to `v5.17.1`, or the latest `v6` [pseudo-version](https://go.dev/ref/mod#pseudo-versions), in order to mitigate this vulnerability.
### Credit
The go-git maintainers thank @kq5y for finding and reporting this issue privately to the `go-git` project.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-33186	CRITICAL	9.1	cAdvisor	kube-vip-cloud-provider-0.0.10	No	Yes	Mar 20, 2026
CVE-2026-27142	MEDIUM	6.1	cAdvisor	secrets-store-csi-driver	No	Yes	Mar 06, 2026
CVE-2026-34165	MEDIUM	5	Packer	grype	No	Yes	Mar 30, 2026
CVE-2026-33762	LOW	2.8	Packer	bom	No	Yes	Mar 30, 2026
CVE-2026-27139	LOW	2.5	cAdvisor	terraform-provider-sendgrid-fips	No	Yes	Mar 06, 2026

CVE-2026-34165:
Packer vulnerability analysis and mitigation

Impact

Patches

Credit

5

Related Packer vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-34165: Packer vulnerability analysis and mitigation