Packer is a software for creating identical machine images or containers for multiple platforms from a single source configuration.

Packer

HashiCorp's Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other sensitive resources in modern data centers. For each resource, Vault handles leasing, revocation, rolling, and auditing.

HashiCorp Vault

Prometheus is an open-source monitoring system with a dimensional data model, flexible query language, efficient time series database, and modern alerting approach.

Prometheus

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. Then, with a single command, you create and start all the services from your configuration. Compose works in all environments: production, staging, development, testing, as well as CI workflows.

Docker Compose

NixOS is a Linux distribution built on top of the Nix package manager. It is completely declarative, its system configurations are reproducible, makes configuration changes reliable and atomic, and eliminates configuration drift.

NixOS

Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real time. You can use CloudWatch to collect and track metrics, which are the variables you can measure for your resources and applications.

Amazon CloudWatch Agent

MinIO is a high-performance object storage that is API compatible with Amazon S3 cloud storage service. Use MinIO to build high-performance infrastructure for machine learning, analytics, and application data workloads.

MinIO

SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI, and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, and PGP.

SOPS

The Google OS Config agent runs on your GCP VM and uses the specifications in the guest policy to maintain it in a desired state.

Google OS Config Agent

Wolfi is a community Linux OS designed for the container and cloud-native era; it is a Linux distribution based on Alpine.

Wolfi

Chainguard is a Linux distribution based on Alpine. It's the commercial version of the Wolfi distro.

Chainguard

Cloudflared is a command-line tool developed by Cloudflare, used for creating secure, encrypted connections between a client and a server. It employs Argo Tunnel, which ensures data protection by sending it through Cloudflare's global network. This helps reduce latency, enhance performance, and eliminate the need to expose applications directly to the internet.

Cloudflared

Grafana Tempo is a distributed tracing backend that is optimized for high-scale and high-cardinality tracing data. It provides a scalable and efficient way to collect, store, and analyze tracing information, enabling insights into the performance and behavior of distributed applications.

Grafana Tempo

Thanos is an open-source project that extends the functionality of the Prometheus monitoring system by adding features like high availability and long-term historical data storage. Built to meet the requirements of scalability and reliability, Thanos allows seamless access to Prometheus data across different databases. It also uses a highly efficient compression algorithm, resulting in cost-effective storage.

Thanos

MinimOS is a minimalist operating system designed for simplicity and efficiency. It aims to provide only essential functionalities, making it lightweight and suitable for resource-constrained environments. MinimOS is often used in embedded systems or as a base for custom operating system development.

MinimOS

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-4660	HIGH	7.5	Packer	zot	No	Yes	Apr 09, 2026
CVE-2026-34986	HIGH	7.5	Packer	kaniko-fips	No	Yes	Apr 06, 2026
CVE-2026-39883	HIGH	7.3	Packer	loki-3.6	No	Yes	Apr 08, 2026
CVE-2026-34165	MEDIUM	5	Packer	kubevela	No	Yes	Mar 31, 2026
CVE-2026-33762	LOW	2.8	Packer	argo-cd-fips-3.3	No	Yes	Mar 31, 2026

CVE-2026-39883:
Packer vulnerability analysis and mitigation

7.3

Related Packer vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-39883: Packer vulnerability analysis and mitigation