CVE-2026-41013 Tenant-controlled comma smuggles arbitrary CIFS mount options

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

GHSA-RG2X-37C3-W2RH Docker: Race condition in docker cp allows bind mount redirection to host path

Summary A race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Details When copying files into a container, the daemon sets up a temporary filesystem vie...

Exploit for CVE-2026-41900

OpenLearnX-RCE OpenLearnX Unauthenticated RCE via Contai...

SUSE CVE-2026-40923

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal pat...

CVE-2026-40923

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal pat...

CVE-2026-40923

CVE-2026-40923 affects Tekton Pipelines. Before v1.11.1, a validation bypass in the VolumeMount path restriction lets mounting volumes under restricted /tekton/ paths by exploiting .. path traversal components. The check relies on strings.HasPrefix instead of filepath.Clean, allowing inputs like ...

CVE-2026-40923 Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal pat...

EUVD-2026-24481

Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check...

Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check

Summary A validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but...

GHSA-RX35-6RHX-7858 Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check

Summary A validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but...

Tekton Pipelines 路径遍历漏洞

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. Versions of Tekton Pipelines prior to 1.11.1 contained a path traversal vulnerability. This vulnerability stemmed from a validation bypass in the VolumeMount path restrictions, allowing path traversal components to mount...

PT-2026-34176

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions prior to 1.11.1 Description A validation bypass in the VolumeMount path restriction allows mounting volumes under restricted '/tekton/' internal paths by using '..' path traversal components. The restriction check use...

MiracleLinux 7 : runc-1.0.0-66.rc8.el7 (AXSA:2020-4524:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4524:01 advisory. runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation CVE-2019-19921 Tenable has extracted the preceding...

MiracleLinux 9 : runc-1.1.9-1.el9 (AXSA:2023-6674:03)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6674:03 advisory. golang: crypto/tls: large handshake records may cause panics CVE-2022-41724 runc: Rootless runc makes /sys/fs/cgroup writable CVE-2023-25809 runc:...

EUVD-2020-21305

Malware in sbrugna...

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

PT-2025-30583 · Mesosphere +1 · Marathon +2

Name of the Vulnerable Software and Affected Versions: DC/OS versions prior to 1.9.0 Description: The Marathon UI in DC/OS allows unauthenticated users to deploy arbitrary Docker containers. Improper restriction of volume mount configurations allows attackers to deploy a container that mounts the...

D2iQ DC/OS Marathon 安全漏洞

D2iQ DC/OS Marathon is a native task scheduler from US-based D2iQ. A security vulnerability exists in D2iQ DC/OS Marathon versions prior to 1.9.0, which stems from an insufficient restriction on volume mount configurations that could lead to arbitrary Docker container deployments...

Unauthorized Volume Mount

github.com/edgelesssys/contrast is vulnerable to Unauthorized Volume Mount. The vulnerability is due to unexpected interpretation of VOLUME directives due to containerd automatically creating mount points from VOLUME directives or config.volumes in OCI images even when Kubernetes has not explicit...

Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points

Background The VOLUME directive in Dockerfiles, or the config.volumes field in OCI image descriptors, indicates filesystem paths "where the process is likely to write data". While these paths have special semantics in Docker, they are only hints in the OCI spec and are not treated specially by...