150 matches found
CVE-2026-50195
A flaw was found in containerd, an open-source container runtime. The CRI Container Runtime Interface checkpoint import process fails to validate image references within a checkpoint image's configuration. An attacker with permissions to create pods can exploit this by using a specially crafted...
Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-122 (ALASECS-2026-122)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-122 advisory. The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an...
Linux Distros Unpatched Vulnerability : CVE-2026-53489
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization during the CRI checkpoint restore. An attacker can gain unauthorized access to resources by injecting arbitrary Container Device Interface CDI annotations into checkpoint image metadata, which are then trusted an...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...
containerd image-triggered runtime DoS via unbounded group parsing
Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory OOM kill of the containerd process. This renders the container runtime API unavailab...
Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-127 (ALASDOCKER-2026-127)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-127 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded...
Containerd 1.7.27 < 1.7.32 / 2.0.4 < 2.0.9 / 2.1.x < 2.2.4 / 2.3.x < 2.3.1 runAsNonRoot Bypass
The version of Containerd on the remote host is 1.7.27 prior to 1.7.32, 2.0.4 prior to 2.0.9, 2.1.x prior to 2.2.4, or 2.3.x prior to 2.3.1. It is, therefore, affected by a security bypass vulnerability. A bug was found in containerd where containers launched with a numeric User directive that...
Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-116 (ALASECS-2026-116)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-116 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory an...
Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-120 (ALASDOCKER-2026-120)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-120 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via improper handling of numeric User directives in container configuration. An attacker can gain elevated privileges by supplying a crafted image with an /etc/passwd file that...
GHSA-FQW6-GF59-QR4W containerd user ID handling bypass allows runAsNonRoot evasion
Impact A bug was found in containerd where containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as...
SUSE CVE-2020-15157
In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...
Astra Linux – Vulnerability in Containerd
Containerd is a container runtime that is available as a daemon for Linux and Windows. A bug was discovered in Containerd prior to versions 1.6.1, 1.5.10, and 1.14.12. In these versions, containers launched through Containerd’s CRI implementation on Linux, with a specially crafted image...
Astra Linux – Vulnerability in Containerd
Containerd is an open-source container runtime that emphasizes simplicity, robustness, and portability. A bug was discovered in Containerd where container root directories and certain plugins had insufficiently restricted permissions, allowing unprivileged Linux users to access the contents of...
Astra Linux – Vulnerability in Containerd
Containerd is a container runtime. A bug was discovered in containerd versions prior to 1.4.8 and 1.5.4, where pulling and extracting a specially crafted container image could result in changes to Unix file permissions for existing files in the host’s filesystem. Changes to file permissions could...
Astra Linux – Vulnerability in Containerd
In containerd a industry-standard container runtime, before versions 1.3.10 and 1.4.4, containers launched through containerd’s CRI implementation via Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image might receive incorrect...
Astra Linux – Vulnerability in Containerd
Containerd is an open-source container runtime. A bug was discovered in Containerd’s CRI implementation, where a user could exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user’s process fails to launch d...
Unity Linux 20.1060e / 20.1070e Security Update: containerd (UTSA-2026-017436)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017436 advisory. containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root...