CVE-2026-33481: CWE-460: Improper Cleanup on Thrown Exception in anchore syft
CVE-2026-33481 is a medium severity vulnerability in Anchore Syft versions prior to 1. 42. 3 where temporary files are not properly cleaned up if an error occurs due to exhausted temporary storage during scanning. This can happen when scanning very large or highly compressed artifacts, causing Syft to exit without removing temporary files, which may fill the temporary storage and prevent future scans or other system utilities from functioning properly. The issue is fixed in Syft version 1. 42. 3, which ensures cleanup of temporary files even on error. No workarounds exist, but manual removal of leftover temporary files can restore storage availability.
AI Analysis
Technical Summary
Anchore Syft before version 1.42.3 improperly handles cleanup of temporary storage when an exception is thrown due to temporary storage exhaustion during scanning of container images or filesystems. Specifically, when scanning archives, Syft unpacks them into temporary storage and inspects the contents. If the temporary storage is exhausted, Syft raises an error and exits without deleting the temporary files it created. This leads to accumulation of temporary files, potentially filling the storage and blocking subsequent Syft runs or other system processes relying on temporary storage. The vulnerability is tracked as CWE-460 (Improper Cleanup on Thrown Exception). The issue is resolved in version 1.42.3, where Syft now ensures cleanup of temporary files even when errors occur.
Potential Impact
The vulnerability results in denial of service conditions related to temporary storage exhaustion. While it does not affect confidentiality or integrity, it impacts availability by preventing Syft and potentially other system utilities from functioning due to lack of available temporary storage. There are no known exploits in the wild. The CVSS v3.1 base score is 5.3 (medium severity), reflecting network attack vector, low complexity, no privileges or user interaction required, and impact limited to availability.
Mitigation Recommendations
A patch fixing this vulnerability is available in Anchore Syft version 1.42.3. Users should upgrade to this version to ensure proper cleanup of temporary files on error conditions. There are no workarounds. If temporary storage is depleted due to this issue, manual removal of leftover temporary files is required to restore functionality.
CVE-2026-33481: CWE-460: Improper Cleanup on Thrown Exception in anchore syft
Description
CVE-2026-33481 is a medium severity vulnerability in Anchore Syft versions prior to 1. 42. 3 where temporary files are not properly cleaned up if an error occurs due to exhausted temporary storage during scanning. This can happen when scanning very large or highly compressed artifacts, causing Syft to exit without removing temporary files, which may fill the temporary storage and prevent future scans or other system utilities from functioning properly. The issue is fixed in Syft version 1. 42. 3, which ensures cleanup of temporary files even on error. No workarounds exist, but manual removal of leftover temporary files can restore storage availability.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Anchore Syft before version 1.42.3 improperly handles cleanup of temporary storage when an exception is thrown due to temporary storage exhaustion during scanning of container images or filesystems. Specifically, when scanning archives, Syft unpacks them into temporary storage and inspects the contents. If the temporary storage is exhausted, Syft raises an error and exits without deleting the temporary files it created. This leads to accumulation of temporary files, potentially filling the storage and blocking subsequent Syft runs or other system processes relying on temporary storage. The vulnerability is tracked as CWE-460 (Improper Cleanup on Thrown Exception). The issue is resolved in version 1.42.3, where Syft now ensures cleanup of temporary files even when errors occur.
Potential Impact
The vulnerability results in denial of service conditions related to temporary storage exhaustion. While it does not affect confidentiality or integrity, it impacts availability by preventing Syft and potentially other system utilities from functioning due to lack of available temporary storage. There are no known exploits in the wild. The CVSS v3.1 base score is 5.3 (medium severity), reflecting network attack vector, low complexity, no privileges or user interaction required, and impact limited to availability.
Mitigation Recommendations
A patch fixing this vulnerability is available in Anchore Syft version 1.42.3. Users should upgrade to this version to ensure proper cleanup of temporary files on error conditions. There are no workarounds. If temporary storage is depleted due to this issue, manual removal of leftover temporary files is required to restore functionality.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-20T16:16:48.970Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69c570d8f4197a8e3bef1ef2
Added to database: 3/26/2026, 5:46:00 PM
Last enriched: 4/3/2026, 1:39:29 PM
Last updated: 5/8/2026, 2:04:30 AM
Views: 49
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.