
Perhaps I don't understand the answers to Malleability attacks against encryption without authentication, so I am trying to be more concrete... please be patient.

If I want to change the first block and I can change the IV, I see that it's easy to change the IV to IV xor old_block_0 xor new_block_0 and the first block would change.

However, if I want to change the second block, block_1, I don't understand how I can do it. If I change the block before it to block_0 xor x, I would garble D(block_0), wouldn't I?

ihadanny

1 Answer


Depending on how malleability is defined, the question actually has some merit.

According to the Wikipedia definition of malleability, a cipher is malleable if there exists at least one function $g$ over the set of possible cipher texts, and one function $f$ over the set of possible plain texts, such that given any cipher text $c_0$, the cipher text $c_1 = g(c_0)$ will decrypt to $D_k(c_1) = f(D_k(c_0))$ regardless of which key $k$ is used for the decryption.

Given that a function by definition assigns a unique value to each argument, there only exists such a function $f$ for CBC mode that might be known in advance to the attacker and might be determined from $g$ alone, if the corresponding function $g$ only modifies the IV. If the function $g$ modifies any other block, then $f$ will either be a relation (i.e. assign a set of possible values to each argument, rather than a unique value), or it will be a function that depends also on the key $k$.

Still, non-malleability might be defined in such a way that the function $f$ only has to exist, without necessarily being known to the attacker in advance. If non-malleability is defined in such a way, it is not necessarily a problem that this might imply that $f$ depends also on the unknown key and not just on $g$ and the plain text.

Henrick Hellström
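The mechanics the question and the answer describe, as an added example that is not from either post: a Python script that XORs a difference into the IV or into a ciphertext block and labels each decrypted block as flipped, garbled or intact. It assumes a stand-in Feistel block cipher instead of AES (so it runs offline; CBC's behaviour here does not depend on the block cipher) and constructed key, IV and plaintext values.

```python
import hashlib, hmac
BLOCK = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_cipher(key, block, rounds):
    # Stand-in 128-bit block cipher, an assumption made so this runs offline without AES;
    # CBC's malleability is cipher-independent. 4-round Feistel, HMAC-SHA256 round function.
    l, r = block[:8], block[8:]
    for i in rounds:
        l, r = r, xor(l, hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:8])
    return r + l

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_cipher(key, xor(pt[i:i + BLOCK], prev), range(4))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    # P[i] = D(C[i]) XOR C[i-1], with C[-1] = IV: every bit of C[i-1] lands in P[i] directly.
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(xor(block_cipher(key, ct[i:i + BLOCK], reversed(range(4))), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def tamper(iv, ct, target, delta):
    # No key needed: XOR delta into the IV (target 0) or into ciphertext block target-1.
    if target == 0:
        return xor(iv, delta), ct
    s = (target - 1) * BLOCK
    return iv, ct[:s] + xor(ct[s:s + BLOCK], delta) + ct[s + BLOCK:]

def malleability_report(key, iv, pt, target, delta):
    # Label each decrypted block: "flipped" (= original XOR delta), "garbled" or "intact".
    iv2, ct2 = tamper(iv, cbc_encrypt(key, iv, pt), target, delta)
    pt2 = cbc_decrypt(key, iv2, ct2)
    labels = []
    for i in range(0, len(pt), BLOCK):
        o, g = pt[i:i + BLOCK], pt2[i:i + BLOCK]
        labels.append("intact" if g == o else "flipped" if g == xor(o, delta) else "garbled")
    return labels

# Constructed sample input (not from the page): 16-byte key and IV, three-block plaintext.
KEY, IV = b"constructed-key!", b"constructed-iv!!"
PT = b"block zero......block one.......block two......."
DELTA = b"\x20" + bytes(BLOCK - 1)  # flips one bit in the target block's first byte
```

Targeting block 0 through the IV leaves every other block intact, while targeting block $i$ through $C_{i-1}$ turns block $i-1$ into key-dependent garbage, which is exactly why a MAC over IV and ciphertext is needed to detect either change.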