Skip to content

Commit 44efc4d

Browse files
UID2-7456: suppress CVE-2026-56131/56407/56408 (libexpat) in .trivyignore
1 parent 1fa865c commit 44efc4d

1 file changed

Lines changed: 10 additions & 0 deletions

File tree

.trivyignore

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,3 +38,13 @@ CVE-2026-54513 exp:2026-07-25
3838
# eclipse-temurin base image has not yet been rebuilt with it.
3939
# See: UID2-7376
4040
CVE-2026-2100 exp:2026-09-01
41+
42+
# CVE-2026-56131 / CVE-2026-56407 / CVE-2026-56408 — libexpat stack exhaustion / integer overflows
43+
# in the Alpine base image. uid2-admin is a pure Java service; the JVM parses XML via the built-in
44+
# JAXP/Xerces implementation, not the native libexpat C library, and there are no JNI bindings or
45+
# native deps that call into libexpat, so the crafted-XML attack path is not reachable. Fixed in
46+
# Alpine v3.23 libexpat >= 2.8.2-r0; the pinned eclipse-temurin base image has not yet been rebuilt with it.
47+
# See: UID2-7456
48+
CVE-2026-56131 exp:2026-08-09
49+
CVE-2026-56407 exp:2026-08-09
50+
CVE-2026-56408 exp:2026-08-09

0 commit comments

Comments
 (0)