Wolfi is a community Linux OS designed for the container and cloud-native era; it is a Linux distribution based on Alpine.

Wolfi

Chainguard is a Linux distribution based on Alpine. It's the commercial version of the Wolfi distro.

Chainguard

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Echo is a secure, minimal Linux OS built vulnerability-free. It is fully compatible across environments and continuously patched - making it a clean, dependable base layer for modern applications. Echo is used by organizations focused on security and reliability, including those with compliance or FIPS requirements.

Echo

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in 0.159.2.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-34976	CRITICAL	10	Wolfi	github.com/dgraph-io/dgraph/v24	No	Yes	Apr 06, 2026
CVE-2026-35172	HIGH	7.5	Wolfi	github.com/distribution/distribution	No	Yes	Apr 06, 2026
CVE-2026-35209	HIGH	7.5	JavaScript	defu	No	Yes	Apr 06, 2026
CVE-2026-34986	HIGH	7.5	Packer	distribution	No	Yes	Apr 06, 2026
CVE-2026-35166	MEDIUM	5.3	Wolfi	hugo	No	Yes	Apr 06, 2026

CVE-2026-35166:
Wolfi vulnerability analysis and mitigation

5.3

Related Wolfi vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-35166: Wolfi vulnerability analysis and mitigation