From 654116ba02fc9a8f329857b45b820ecbabfc35c1 Mon Sep 17 00:00:00 2001
From: Ryan Derr <54389874+RyanDerr@users.noreply.github.com>
Date: Tue, 28 Apr 2026 09:59:39 -0500
Subject: [PATCH] chore(security): Add CVE-2026-41989 to the list of suppressed
 vulnerabilities in security scan (#6657)

---
 .release/security-scan.hcl | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index d2a8b6bd20..176a2c96fa 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -35,6 +35,12 @@ container {
 				#
 				# Boundary does not utilize ping in iputils.
 				"CVE-2025-48964"
+
+				# libgcrypt@1.10.3-r1 https://nvd.nist.gov/vuln/detail/CVE-2026-41989
+				# 
+				# Boundary currently uses this indirectly via the alpine base image for docker. 
+				# Currently there is no base image fix available. 
+				"CVE-2026-41989"
 			]
 		}
 	}