Lucene search
+L

20 matches found

osv
osv
added 2026/07/09 12:49 p.m.3 views

OESA-2026-2892 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

9.4CVSS6.2AI score0.00317EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/07/02 12:47 p.m.6 views

CVE-2026-47262

A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References4
cve
cve
added 2026/07/01 6:10 p.m.52 views

CVE-2026-53489

CVE-2026-53489 affects containerd CRI: when checkpoint restore occurs, the CRI plugin may read a host file by following a symlink for container.log. Vulnerable versions are prior to 2.3.2, 2.2.5 and 2.1.9. Impact described as arbitrary host file read via kubectl logs, with LOCAL attack potential ...

8.2CVSS5.9AI score0.00208EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/07/01 2:52 p.m.21 views

CVE-2026-53488

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands o...

9.4CVSS6.1AI score0.00203EPSS
Exploits0References4
nvd
nvd
added 2026/07/01 2:17 a.m.7 views

CVE-2026-53488

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

9.4CVSS0.00203EPSS
Exploits0References1
osv
osv
added 2026/07/01 12:11 a.m.2 views

CVE-2026-53488 containerd CRI plugin: — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

9.4CVSS6AI score0.00203EPSS
Exploits0References3
cve
cve
added 2026/07/01 12:11 a.m.100 views

CVE-2026-53488

CVE-2026-53488 affects containerd’s CRI plugin: image config LABELs are propagated to containers without validation, enabling potential host-command execution via a plugin that consumes labels. Concrete details across connected docs confirm this vulnerability in containerd versions prior to 1.7.3...

9.4CVSS5.9AI score0.00203EPSS
Exploits0References1Affected Software1
alpinelinux
alpinelinux
added 2026/07/01 12:11 a.m.6 views

CVE-2026-53488

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...

9.4CVSS5.9AI score0.00203EPSS
Exploits0
nessus
nessus
added 2026/06/24 12:0 a.m.44 views

Containerd 1.7.x < 1.7.33 / 2.0.x < 2.0.10 / 2.1.x < 2.1.9 / 2.2.x < 2.2.5 / 2.3.x < 2.3.2 Multiple Vulnerabilities

The version of Containerd on the remote host is 1.7.x prior to 1.7.33, 2.0.x prior to 2.0.10, 2.1.x prior to 2.1.9, 2.2.x prior to 2.2.5, or 2.3.x prior to 2.3.2. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in containerd allows a maliciously crafted image to cause a...

9.4CVSS6.1AI score0.00317EPSS
Exploits0References4
osv
osv
added 2026/06/19 7:35 p.m.9 views

GHSA-RGH6-RFWX-V388 Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

Impact A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. Patches This bug has been fixed in the following containerd versions: 2.3.2...

7.1CVSS6AI score0.00208EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.28 views

PT-2026-51057

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description A bug in the CRI plugin allows the restoration of container.log from a checkpoint image without validating a symlinked path...

9.9CVSS6AI score0.00412EPSS
Exploits0References42
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-16049

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00242EPSS
Exploits0References4
osv
osv
added 2024/08/21 3:11 p.m.19 views

GO-2022-0482 containerd CRI plugin: Host memory exhaustion through ExecSync in github.com/containerd/containerd

containerd CRI plugin: Host memory exhaustion through ExecSync in github.com/containerd/containerd...

5.5CVSS5.8AI score0.00377EPSS
Exploits0References10
osv
osv
added 2024/08/21 2:30 p.m.21 views

GO-2022-0344 containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd

containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd...

7.5CVSS7.6AI score0.27392EPSS
Exploits4References15
amazon
amazon
added 2023/10/17 12:0 a.m.6 views

Medium: containerd

Issue Overview: A flaw was found in containerd CRI plugin. Containers launched through containerd CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data...

6.3CVSS6.9AI score0.02044EPSS
Exploits0
osv
osv
added 2022/06/06 10:7 p.m.36 views

GHSA-5FFW-GXPP-MXPF containerd CRI plugin: Host memory exhaustion through ExecSync

Impact A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to other...

5.5CVSS6AI score0.00377EPSS
Exploits0References11
osv
osv
added 2022/03/02 9:33 p.m.48 views

GHSA-CRP2-QRR5-8PQ7 containerd CRI plugin: Insecure handling of image volumes

Impact A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...

7.5CVSS7.9AI score0.27392EPSS
Exploits4References16
amazon
amazon
added 2021/07/21 12:0 a.m.36 views

Medium: containerd

Issue Overview: A bug was discovered in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file or widen access...

6.8CVSS6.4AI score0.02044EPSS
Exploits2
fedora
fedora
added 2021/03/19 8:29 p.m.59 views

[SECURITY] Fedora 34 Update: golang-github-containerd-cri-1.19.0-3.20210307gitaa2d5a9.fc34

Cri is a native plugin of containerd 1.1 and above. It is built into contai nerd and enabled by default...

6.3CVSS1.8AI score0.02044EPSS
Exploits0
redhatcve
redhatcve
added 2021/03/11 8:1 p.m.35 views

CVE-2021-21334

A flaw was found in containerd CRI plugin. Containers launched through containerd's CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data confidentiali...

6.3CVSS2.9AI score0.02044EPSS
Exploits0References3
Rows per page
Query Builder