## Kyverno Security Alert: tar.Reader Vulnerability (CVE-2026-32288) Exposes Memory Exhaustion Risk
A medium-severity vulnerability in tar.Reader, the archive reader from Go's standard archive/tar package that Kyverno depends on, could allow an attacker to trigger unbounded memory allocation and a resulting denial of service. The flaw, tracked as CVE-2026-32288, is triggered when the reader processes a maliciously crafted archive containing an excessive number of sparse regions encoded in the "old GNU sparse map" format. Any system that feeds attacker-controlled archives into this reader therefore has a direct path to resource exhaustion.

The vulnerability is confirmed across multiple active branches of the Kyverno project, including the main development line and the release-1.16 and release-1.17 branches. The issue was raised by GitHub's code scanning (CodeQL ID 2339), and the alert links directly to the project's security advisory page. Because the affected code is present in stable release branches, not only in main, Kyverno deployments built from those branches carry the flaw until patched builds are produced.

This discovery places immediate pressure on development and security teams to assess their exposure and apply patches. Since tar.Reader ships with the Go toolchain rather than with Kyverno's own code, remediation for a Go program of this kind is typically a toolchain update and rebuild rather than a change to the project's sources. For a policy engine like Kyverno, which can be made to fetch and inspect OCI artifacts and configuration it does not control, a memory exhaustion bug in a core parsing utility is a practical denial-of-service vector: the attacker's cost is a single crafted archive, the defender's cost is a crashed or starved admission controller. Teams should therefore inventory every integration point where archive data from external or user-controlled sources reaches a tar.Reader, since successful exploitation could degrade or crash dependent services.
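The description above (a crafted archive whose old GNU sparse map grows without bound, and the advice to scrutinise every place untrusted archives enter the parser) suggests a compensating control that is worth having regardless of patch status: put a byte, entry and declared-size budget around every tar.Reader that consumes untrusted input. The following Go program is an added example written for this page; it is not Kyverno's code and not the fix for CVE-2026-32288. The limit values, the `ListBoundedTar` and `BuildSampleTar` names and the constructed in-memory archive are all assumptions made for illustration. The reasoning behind the byte budget is that each old GNU sparse extension header is one 512-byte block, so any sparse-map allocation the parser makes grows with the bytes it is allowed to read; capping the stream caps the allocation. The declared-size check guards the related case where a sparse entry announces a logical size far larger than its on-the-wire size.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
)

// TarLimits is the budget applied to archives from untrusted sources.
// The values used below are hypothetical defaults for this example.
type TarLimits struct {
	MaxArchiveBytes int64 // bytes the parser may consume, headers included
	MaxEntries      int   // maximum number of entry headers we will parse
	MaxEntryBytes   int64 // maximum declared (logical) size of one entry
}

var (
	ErrArchiveTooLarge = errors.New("archive exceeds byte budget")
	ErrTooManyEntries  = errors.New("archive exceeds entry budget")
	ErrEntryTooLarge   = errors.New("entry exceeds declared-size budget")
)

// Entry is what we report for each accepted header.
type Entry struct {
	Name string
	Size int64
}

// countingReader records how many bytes the tar parser has actually pulled
// from the stream. Wrapping the LimitReader in a plain io.Reader also hides
// any io.Seeker on the source, so the parser cannot skip past our counter.
type countingReader struct {
	r io.Reader
	n int64
}

func (c *countingReader) Read(p []byte) (int, error) {
	n, err := c.r.Read(p)
	c.n += int64(n)
	return n, err
}

// ListBoundedTar parses headers from r while enforcing lim. It returns the
// entries accepted so far together with the first limit violation or parse
// error it hits. Entry bodies are never buffered; tar.Reader.Next skips
// the physical bytes of the previous entry through the same counted stream.
func ListBoundedTar(r io.Reader, lim TarLimits) ([]Entry, error) {
	cr := &countingReader{r: io.LimitReader(r, lim.MaxArchiveBytes+1)}
	tr := tar.NewReader(cr)
	var out []Entry
	for {
		hdr, err := tr.Next()
		// Check the byte budget before interpreting err: hitting the limit
		// surfaces as a truncated-archive error from the parser.
		if cr.n > lim.MaxArchiveBytes {
			return out, ErrArchiveTooLarge
		}
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return out, fmt.Errorf("tar header: %w", err)
		}
		if len(out) >= lim.MaxEntries {
			return out, ErrTooManyEntries
		}
		// hdr.Size is the logical size; for sparse entries it can vastly
		// exceed the bytes present in the archive.
		if hdr.Size > lim.MaxEntryBytes {
			return out, ErrEntryTooLarge
		}
		out = append(out, Entry{Name: hdr.Name, Size: hdr.Size})
	}
}

// BuildSampleTar constructs a small archive in memory (constructed test input,
// not a real artifact): n regular files that all carry the same content.
func BuildSampleTar(n int, content []byte) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for i := 0; i < n; i++ {
		hdr := &tar.Header{Name: fmt.Sprintf("file%d.txt", i), Mode: 0o644, Size: int64(len(content))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write(content); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	archive := BuildSampleTar(3, []byte("0123456789"))
	generous := TarLimits{MaxArchiveBytes: 1 << 20, MaxEntries: 100, MaxEntryBytes: 1 << 20}
	entries, err := ListBoundedTar(bytes.NewReader(archive), generous)
	fmt.Println(len(entries), err)
	// A 1000-byte budget admits the first header but not the second.
	_, err = ListBoundedTar(bytes.NewReader(archive), TarLimits{MaxArchiveBytes: 1000, MaxEntries: 100, MaxEntryBytes: 1 << 20})
	fmt.Println(err)
}
```

Pick the byte budget from what the consumer legitimately needs (the largest artifact you expect, with headroom), not from what the parser tolerates, and apply it at the point where the untrusted stream is opened so that decompression layers sit inside the limit as well. The budget bounds work and memory; it does not make the parser correct, so it complements the upstream fix rather than replacing it.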
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE-2026-32288, vulnerability, memory-exhaustion, tar, GitHub
- **Credibility**: unverified
- **Published**: 2026-04-10 10:39:41
- **ID**: 58613
- **URL**: https://whisperx.ai/en/intel/58613