Lucene search
K

1680 matches found

Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-53492 containerd CRI checkpoint restore CDI annotation smuggling

containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

8.4CVSS0.00412EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 5 days ago7 views

CVE-2026-53492

containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

9.6CVSS5.9AI score0.00412EPSS
Exploits0
Debian CVE
Debian CVE
added 5 days ago6 views

CVE-2026-50195

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...

9.9CVSS6.1AI score0.00354EPSS
Exploits0
CVE
CVE
added 5 days ago30 views

CVE-2026-50195

Containerd CVE-2026-50195 affects CRI checkpoint import: unvalidated image references in a checkpoint config allow an attacker with pod-creation permissions to trigger pulling a malicious image and assign it a local tag, poisoning the node’s local image cache. Subsequent pods on the same node usi...

9.9CVSS6.1AI score0.00354EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 5 days ago8 views

CVE-2026-50195

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...

9.9CVSS6.1AI score0.00354EPSS
Exploits0
Debian CVE
Debian CVE
added 5 days ago8 views

CVE-2026-47262

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an...

5.5CVSS5.7AI score0.00317EPSS
Exploits0
CVE
CVE
added 5 days ago65 views

CVE-2026-47262

CVE-2026-47262 affects containerd where a maliciously crafted image can trigger a Denial of Service by exhausting memory during container creation, causing an Out-Of-Memory (OOM) kill of the containerd process and making the runtime API unavailable (impacting clients like Docker Engine and Kubern...

5.5CVSS5.7AI score0.00317EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 5 days ago9 views

CVE-2026-47262

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an...

5.5CVSS5.7AI score0.00317EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 5 days ago5 views

CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7.8CVSS5.7AI score0.00221EPSS
Exploits1
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-46680 containerd user ID handling bypass allows runAsNonRoot evasion

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7.3CVSS0.00221EPSS
Exploits1References1
CVE
CVE
added 5 days ago178 views

CVE-2026-46680

CVE-2026-46680 concerns containerd, the container runtime. A flaw in how numeric User directives are parsed (not a 32-bit integer) can cause such values to be treated as usernames, enabling runAsNonRoot evasion. If a crafted image supplies an /etc/passwd mapping that maps this large numeric strin...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 5 days ago24 views

CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7.8CVSS5.7AI score0.00221EPSS
Exploits1
RedhatCVE
RedhatCVE
added 5 days ago12 views

CVE-2026-53488

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands o...

9.4CVSS6.1AI score0.00203EPSS
Exploits0References4
NVD
NVD
added 5 days ago5 views

CVE-2026-53488

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

9.4CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 5 days ago55 views

CVE-2026-53488

CVE-2026-53488 affects containerd’s CRI plugin: image config LABELs are propagated to containers without validation, enabling potential host-command execution via a plugin that consumes labels. Concrete details across connected docs confirm this vulnerability in containerd versions prior to 1.7.3...

9.4CVSS5.9AI score0.00203EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-53488 containerd CRI plugin: — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

9.4CVSS0.00203EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-40860

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

9.4CVSS5.9AI score0.00203EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 5 days ago6 views

CVE-2026-53488

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

9.4CVSS5.9AI score0.00203EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 5 days ago4 views

openSUSE 16 Security Update : trivy (openSUSE-SU-2026:21072-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21072-1 advisory. This update for trivy fixes the following issues Update to version 0.71.2: - CVE-2026-44740: github.com/go-git/go-billy/v5: improper input...

9.9CVSS6AI score0.00412EPSS
Exploits1References21
Rows per page
Query Builder