Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-25140

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in pkg/apk/expandapk/expandapk.go expands .apk streams without enforcing decompression limits, allowing a malicious repository to serve a small, highly-compressed .apk that inflates into a large tar stream, consuming excessive disk space and CPU time, causing build failures or denial of service. This issue has been patched in version 1.1.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.7%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-25140
  • Chainguard » Apko » Version: 0.14.8
    cpe:2.3:a:chainguard:apko:0.14.8
  • Chainguard » Apko » Version: 0.14.9
    cpe:2.3:a:chainguard:apko:0.14.9
  • Chainguard » Apko » Version: 0.15.0
    cpe:2.3:a:chainguard:apko:0.15.0
  • Chainguard » Apko » Version: 0.16.0
    cpe:2.3:a:chainguard:apko:0.16.0
  • Chainguard » Apko » Version: 0.17.0
    cpe:2.3:a:chainguard:apko:0.17.0
  • Chainguard » Apko » Version: 0.18.0
    cpe:2.3:a:chainguard:apko:0.18.0
  • Chainguard » Apko » Version: 0.18.1
    cpe:2.3:a:chainguard:apko:0.18.1
  • Chainguard » Apko » Version: 0.19.0
    cpe:2.3:a:chainguard:apko:0.19.0
  • Chainguard » Apko » Version: 0.19.1
    cpe:2.3:a:chainguard:apko:0.19.1
  • Chainguard » Apko » Version: 0.19.2
    cpe:2.3:a:chainguard:apko:0.19.2
  • Chainguard » Apko » Version: 0.19.3
    cpe:2.3:a:chainguard:apko:0.19.3
  • Chainguard » Apko » Version: 0.19.4
    cpe:2.3:a:chainguard:apko:0.19.4
  • Chainguard » Apko » Version: 0.19.5
    cpe:2.3:a:chainguard:apko:0.19.5
  • Chainguard » Apko » Version: 0.19.6
    cpe:2.3:a:chainguard:apko:0.19.6
  • Chainguard » Apko » Version: 0.19.7
    cpe:2.3:a:chainguard:apko:0.19.7
  • Chainguard » Apko » Version: 0.19.8
    cpe:2.3:a:chainguard:apko:0.19.8
  • Chainguard » Apko » Version: 0.19.9
    cpe:2.3:a:chainguard:apko:0.19.9
  • Chainguard » Apko » Version: 0.20.0
    cpe:2.3:a:chainguard:apko:0.20.0
  • Chainguard » Apko » Version: 0.20.1
    cpe:2.3:a:chainguard:apko:0.20.1
  • Chainguard » Apko » Version: 0.20.2
    cpe:2.3:a:chainguard:apko:0.20.2
  • Chainguard » Apko » Version: 0.21.0
    cpe:2.3:a:chainguard:apko:0.21.0
  • Chainguard » Apko » Version: 0.22.0
    cpe:2.3:a:chainguard:apko:0.22.0
  • Chainguard » Apko » Version: 0.22.1
    cpe:2.3:a:chainguard:apko:0.22.1
  • Chainguard » Apko » Version: 0.22.2
    cpe:2.3:a:chainguard:apko:0.22.2
  • Chainguard » Apko » Version: 0.22.3
    cpe:2.3:a:chainguard:apko:0.22.3
  • Chainguard » Apko » Version: 0.22.4
    cpe:2.3:a:chainguard:apko:0.22.4
  • Chainguard » Apko » Version: 0.22.5
    cpe:2.3:a:chainguard:apko:0.22.5
  • Chainguard » Apko » Version: 0.22.6
    cpe:2.3:a:chainguard:apko:0.22.6
  • Chainguard » Apko » Version: 0.22.7
    cpe:2.3:a:chainguard:apko:0.22.7
  • Chainguard » Apko » Version: 0.23.0
    cpe:2.3:a:chainguard:apko:0.23.0
  • Chainguard » Apko » Version: 0.24.0
    cpe:2.3:a:chainguard:apko:0.24.0
  • Chainguard » Apko » Version: 0.25.0
    cpe:2.3:a:chainguard:apko:0.25.0
  • Chainguard » Apko » Version: 0.25.1
    cpe:2.3:a:chainguard:apko:0.25.1
  • Chainguard » Apko » Version: 0.25.2
    cpe:2.3:a:chainguard:apko:0.25.2
  • Chainguard » Apko » Version: 0.25.3
    cpe:2.3:a:chainguard:apko:0.25.3
  • Chainguard » Apko » Version: 0.25.4
    cpe:2.3:a:chainguard:apko:0.25.4
  • Chainguard » Apko » Version: 0.25.5
    cpe:2.3:a:chainguard:apko:0.25.5
  • Chainguard » Apko » Version: 0.25.6
    cpe:2.3:a:chainguard:apko:0.25.6
  • Chainguard » Apko » Version: 0.25.7
    cpe:2.3:a:chainguard:apko:0.25.7
  • Chainguard » Apko » Version: 0.26.0
    cpe:2.3:a:chainguard:apko:0.26.0
  • Chainguard » Apko » Version: 0.26.1
    cpe:2.3:a:chainguard:apko:0.26.1
  • Chainguard » Apko » Version: 0.27.0
    cpe:2.3:a:chainguard:apko:0.27.0
  • Chainguard » Apko » Version: 0.27.1
    cpe:2.3:a:chainguard:apko:0.27.1
  • Chainguard » Apko » Version: 0.27.2
    cpe:2.3:a:chainguard:apko:0.27.2
  • Chainguard » Apko » Version: 0.27.3
    cpe:2.3:a:chainguard:apko:0.27.3
  • Chainguard » Apko » Version: 0.27.4
    cpe:2.3:a:chainguard:apko:0.27.4
  • Chainguard » Apko » Version: 0.27.5
    cpe:2.3:a:chainguard:apko:0.27.5
  • Chainguard » Apko » Version: 0.27.6
    cpe:2.3:a:chainguard:apko:0.27.6
  • Chainguard » Apko » Version: 0.27.7
    cpe:2.3:a:chainguard:apko:0.27.7
  • Chainguard » Apko » Version: 0.27.8
    cpe:2.3:a:chainguard:apko:0.27.8
  • Chainguard » Apko » Version: 0.27.9
    cpe:2.3:a:chainguard:apko:0.27.9
  • Chainguard » Apko » Version: 0.28.0
    cpe:2.3:a:chainguard:apko:0.28.0
  • Chainguard » Apko » Version: 0.29.0
    cpe:2.3:a:chainguard:apko:0.29.0
  • Chainguard » Apko » Version: 0.29.1
    cpe:2.3:a:chainguard:apko:0.29.1
  • Chainguard » Apko » Version: 0.29.10
    cpe:2.3:a:chainguard:apko:0.29.10
  • Chainguard » Apko » Version: 0.29.2
    cpe:2.3:a:chainguard:apko:0.29.2
  • Chainguard » Apko » Version: 0.29.3
    cpe:2.3:a:chainguard:apko:0.29.3
  • Chainguard » Apko » Version: 0.29.4
    cpe:2.3:a:chainguard:apko:0.29.4
  • Chainguard » Apko » Version: 0.29.5
    cpe:2.3:a:chainguard:apko:0.29.5
  • Chainguard » Apko » Version: 0.29.6
    cpe:2.3:a:chainguard:apko:0.29.6
  • Chainguard » Apko » Version: 0.29.7
    cpe:2.3:a:chainguard:apko:0.29.7
  • Chainguard » Apko » Version: 0.29.8
    cpe:2.3:a:chainguard:apko:0.29.8
  • Chainguard » Apko » Version: 0.29.9
    cpe:2.3:a:chainguard:apko:0.29.9
  • Chainguard » Apko » Version: 0.30.0
    cpe:2.3:a:chainguard:apko:0.30.0
  • Chainguard » Apko » Version: 0.30.1
    cpe:2.3:a:chainguard:apko:0.30.1
  • Chainguard » Apko » Version: 0.30.10
    cpe:2.3:a:chainguard:apko:0.30.10
  • Chainguard » Apko » Version: 0.30.11
    cpe:2.3:a:chainguard:apko:0.30.11
  • Chainguard » Apko » Version: 0.30.12
    cpe:2.3:a:chainguard:apko:0.30.12
  • Chainguard » Apko » Version: 0.30.13
    cpe:2.3:a:chainguard:apko:0.30.13
  • Chainguard » Apko » Version: 0.30.14
    cpe:2.3:a:chainguard:apko:0.30.14
  • Chainguard » Apko » Version: 0.30.15
    cpe:2.3:a:chainguard:apko:0.30.15
  • Chainguard » Apko » Version: 0.30.16
    cpe:2.3:a:chainguard:apko:0.30.16
  • Chainguard » Apko » Version: 0.30.17
    cpe:2.3:a:chainguard:apko:0.30.17
  • Chainguard » Apko » Version: 0.30.18
    cpe:2.3:a:chainguard:apko:0.30.18
  • Chainguard » Apko » Version: 0.30.19
    cpe:2.3:a:chainguard:apko:0.30.19
  • Chainguard » Apko » Version: 0.30.2
    cpe:2.3:a:chainguard:apko:0.30.2
  • Chainguard » Apko » Version: 0.30.20
    cpe:2.3:a:chainguard:apko:0.30.20
  • Chainguard » Apko » Version: 0.30.21
    cpe:2.3:a:chainguard:apko:0.30.21
  • Chainguard » Apko » Version: 0.30.22
    cpe:2.3:a:chainguard:apko:0.30.22
  • Chainguard » Apko » Version: 0.30.23
    cpe:2.3:a:chainguard:apko:0.30.23
  • Chainguard » Apko » Version: 0.30.24
    cpe:2.3:a:chainguard:apko:0.30.24
  • Chainguard » Apko » Version: 0.30.25
    cpe:2.3:a:chainguard:apko:0.30.25
  • Chainguard » Apko » Version: 0.30.26
    cpe:2.3:a:chainguard:apko:0.30.26
  • Chainguard » Apko » Version: 0.30.27
    cpe:2.3:a:chainguard:apko:0.30.27
  • Chainguard » Apko » Version: 0.30.28
    cpe:2.3:a:chainguard:apko:0.30.28
  • Chainguard » Apko » Version: 0.30.29
    cpe:2.3:a:chainguard:apko:0.30.29
  • Chainguard » Apko » Version: 0.30.3
    cpe:2.3:a:chainguard:apko:0.30.3
  • Chainguard » Apko » Version: 0.30.30
    cpe:2.3:a:chainguard:apko:0.30.30
  • Chainguard » Apko » Version: 0.30.31
    cpe:2.3:a:chainguard:apko:0.30.31
  • Chainguard » Apko » Version: 0.30.32
    cpe:2.3:a:chainguard:apko:0.30.32
  • Chainguard » Apko » Version: 0.30.33
    cpe:2.3:a:chainguard:apko:0.30.33
  • Chainguard » Apko » Version: 0.30.34
    cpe:2.3:a:chainguard:apko:0.30.34
  • Chainguard » Apko » Version: 0.30.35
    cpe:2.3:a:chainguard:apko:0.30.35
  • Chainguard » Apko » Version: 0.30.4
    cpe:2.3:a:chainguard:apko:0.30.4
  • Chainguard » Apko » Version: 0.30.5
    cpe:2.3:a:chainguard:apko:0.30.5
  • Chainguard » Apko » Version: 0.30.6
    cpe:2.3:a:chainguard:apko:0.30.6
  • Chainguard » Apko » Version: 0.30.7
    cpe:2.3:a:chainguard:apko:0.30.7
  • Chainguard » Apko » Version: 0.30.8
    cpe:2.3:a:chainguard:apko:0.30.8
  • Chainguard » Apko » Version: 0.30.9
    cpe:2.3:a:chainguard:apko:0.30.9
  • Chainguard » Apko » Version: 1.0.0
    cpe:2.3:a:chainguard:apko:1.0.0
  • Chainguard » Apko » Version: 1.0.1
    cpe:2.3:a:chainguard:apko:1.0.1
  • Chainguard » Apko » Version: 1.0.2
    cpe:2.3:a:chainguard:apko:1.0.2
  • Chainguard » Apko » Version: 1.0.3
    cpe:2.3:a:chainguard:apko:1.0.3
  • Chainguard » Apko » Version: 1.0.4
    cpe:2.3:a:chainguard:apko:1.0.4
  • Chainguard » Apko » Version: 1.0.5
    cpe:2.3:a:chainguard:apko:1.0.5
  • Chainguard » Apko » Version: 1.1.0
    cpe:2.3:a:chainguard:apko:1.1.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved