Vulnerability intelligence
CVE-2026-50163
ORAS Go and Java SDKs — used by Azure ACR, AWS ECR, Docker Hub, Helm, and Notation — disclosed symlink and hardlink escape flaws that let a malicious artifact write files outside the extraction directory.
2026
What WebPulse reported · 1 analysis
Related vulnerabilities