crun security update

An update is available for crun. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list crun is a OCI runtime Security Fixes: crun: crun: Privilege escalation due to...

RockyLinux 10 : crun (RLSA-2026:19020)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19020 advisory. crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 Tenable has extracted the preceding description block directly fro...

RLSA-2026:19178 Moderate: crun security update

crun is a OCI runtime Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

Moderate: crun security update

crun is a OCI runtime Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

RHEL 10 : crun (RHSA-2026:19020)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19020 advisory. crun is a OCI runtime Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 For more detail...

RHEL 9 : crun (RHSA-2026:19178)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:19178 advisory. crun is a OCI runtime Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 For more details...

Fedora: Security Advisory (FEDORA-2026-32cf2c53f7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RockyLinux 10 : crun (RLSA-2026:6622)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6622 advisory. crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 Tenable has extracted the preceding description block directly from...

RLSA-2026:6621 Moderate: crun security update

crun is a OCI runtime Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

Oracle Linux 9 : crun (ELSA-2026-6621)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-6621 advisory. - fixes CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the --user option rhel-9.7.z Tenable has extracted the preceding description...

Moderate: Red Hat Security Advisory: crun security update

An update for crun is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

ALSA-2026:6622 Moderate: crun security update

crun is a OCI runtime Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

RHEL 9 : crun (RHSA-2026:6621)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:6621 advisory. crun is a OCI runtime Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 For more details...

AlmaLinux 9 : crun (ALSA-2026:6621)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:6621 advisory. crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 Tenable has extracted the preceding description block directly from t...

RHEL 10 : crun (RHSA-2026:6622)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:6622 advisory. crun is a OCI runtime Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 For more details...

AlmaLinux 10 : crun (ALSA-2026:6622)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:6622 advisory. crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 Tenable has extracted the preceding description block directly from...

Fedora: Security Advisory (FEDORA-2026-4747ff73a3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

Linux Distros Unpatched Vulnerability : CVE-2026-30892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value ...

CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...