From cdad1ce2ff53de56e23b61f173e71849aa980d2e Mon Sep 17 00:00:00 2001
From: David Kanney <david.kanney@hashicorp.com>
Date: Mon, 30 Mar 2026 16:50:57 -0400
Subject: [PATCH] fix: Add CVE-2026-27171 to the list of suppressed
 vulnerabilities in security scan (#6553)

---
 .release/security-scan.hcl | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index d2a8b6bd20..94493be6ca 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -34,7 +34,12 @@ container {
 				# iputils@20240905-r0 https://nvd.nist.gov/vuln/detail/CVE-2025-48964
 				#
 				# Boundary does not utilize ping in iputils.
-				"CVE-2025-48964"
+				"CVE-2025-48964",
+
+                # zlib@1.3.1-r2 https://nvd.nist.gov/vuln/detail/CVE-2026-27171
+                #
+                # There's no base image fix for this yet.
+                "CVE-2026-27171"
 			]
 		}
 	}