1680 matches found
CVE-2026-53492 containerd CRI checkpoint restore CDI annotation smuggling
containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...
CVE-2026-53492
containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...
CVE-2026-50195
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...
CVE-2026-50195
Containerd CVE-2026-50195 affects CRI checkpoint import: unvalidated image references in a checkpoint config allow an attacker with pod-creation permissions to trigger pulling a malicious image and assign it a local tag, poisoning the node’s local image cache. Subsequent pods on the same node usi...
CVE-2026-50195
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...
CVE-2026-47262
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an...
CVE-2026-47262
CVE-2026-47262 affects containerd where a maliciously crafted image can trigger a Denial of Service by exhausting memory during container creation, causing an Out-Of-Memory (OOM) kill of the containerd process and making the runtime API unavailable (impacting clients like Docker Engine and Kubern...
CVE-2026-47262
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an...
CVE-2026-46680
containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...
CVE-2026-46680
containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...
CVE-2026-46680 containerd user ID handling bypass allows runAsNonRoot evasion
containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...
CVE-2026-46680
CVE-2026-46680 concerns containerd, the container runtime. A flaw in how numeric User directives are parsed (not a 32-bit integer) can cause such values to be treated as usernames, enabling runAsNonRoot evasion. If a crafted image supplies an /etc/passwd mapping that maps this large numeric strin...
CVE-2026-46680
containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...
CVE-2026-53488
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands o...
CVE-2026-53488
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...
CVE-2026-53488
CVE-2026-53488 affects containerd’s CRI plugin: image config LABELs are propagated to containers without validation, enabling potential host-command execution via a plugin that consumes labels. Concrete details across connected docs confirm this vulnerability in containerd versions prior to 1.7.3...
CVE-2026-53488 containerd CRI plugin: — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...
EUVD-2026-40860
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...
CVE-2026-53488
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...
openSUSE 16 Security Update : trivy (openSUSE-SU-2026:21072-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21072-1 advisory. This update for trivy fixes the following issues Update to version 0.71.2: - CVE-2026-44740: github.com/go-git/go-billy/v5: improper input...