EUVD-2026-39808

🗓️ 26 Jun 2026 16:30:41Reported by EUVDType

Podman 3.0.0–5.7.1 allows a symlink in WORKDIR to create directories or modify host ownership; fixed in 5.7.1.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2026-55686	26 Jun 202616:30	–	attackerkb
Circl	CVE-2026-55686	17 Jun 202616:22	–	circl
CVE	CVE-2026-55686	26 Jun 202616:30	–	cve
Cvelist	CVE-2026-55686 Podman: WORKDIR symlink traversal vulnerability	26 Jun 202616:30	–	cvelist
Debian CVE	CVE-2026-55686	26 Jun 202616:30	–	debiancve
Github Security Blog	Podman: WORKDIR symlink traversal vulnerability	18 Jun 202614:28	–	github
NVD	CVE-2026-55686	26 Jun 202617:16	–	nvd
OSV	GHSA-Q6R4-3WMG-FWCQ Podman: WORKDIR symlink traversal vulnerability	18 Jun 202614:28	–	osv
OSV	GO-2026-5568 Podman: WORKDIR symlink traversal vulnerability in github.com/containers/podman	25 Jun 202622:34	–	osv
OSV	MINI-MRCR-43M6-M728	19 Jun 202616:19	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "b36b55e8-d293-3831-aeaf-9f96ecb12392",
        "vendor": {
          "name": "podman-container-tools"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "c949b078-1f0a-36fb-ad5c-47c4d38522fb",
        "product": {
          "name": "podman",
          "vendor": {
            "name": "containers"
          }
        },
        "product_version": "3.0.0, < 5.7.1"
      }
    ]
  }
]

Source	Link
github	www.github.com/podman-container-tools/podman/security/advisories/GHSA-q6r4-3wmg-fwcq
github	www.github.com/podman-container-tools/podman/commit/d18e44e9abb3bf5b7294aa70806e1368fdddfdd0

26 Jun 2026 18:31Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.3

SSVC