20 matches found
OESA-2026-2892 containerd security update
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
CVE-2026-47262
A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd...
CVE-2026-53489
CVE-2026-53489 affects containerd CRI: when checkpoint restore occurs, the CRI plugin may read a host file by following a symlink for container.log. Vulnerable versions are prior to 2.3.2, 2.2.5 and 2.1.9. Impact described as arbitrary host file read via kubectl logs, with LOCAL attack potential ...
CVE-2026-53488
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands o...
CVE-2026-53488
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...
CVE-2026-53488 containerd CRI plugin: — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...
CVE-2026-53488
CVE-2026-53488 affects containerd’s CRI plugin: image config LABELs are propagated to containers without validation, enabling potential host-command execution via a plugin that consumes labels. Concrete details across connected docs confirm this vulnerability in containerd versions prior to 1.7.3...
CVE-2026-53488
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via ...
Containerd 1.7.x < 1.7.33 / 2.0.x < 2.0.10 / 2.1.x < 2.1.9 / 2.2.x < 2.2.5 / 2.3.x < 2.3.2 Multiple Vulnerabilities
The version of Containerd on the remote host is 1.7.x prior to 1.7.33, 2.0.x prior to 2.0.10, 2.1.x prior to 2.1.9, 2.2.x prior to 2.2.5, or 2.3.x prior to 2.3.2. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in containerd allows a maliciously crafted image to cause a...
GHSA-RGH6-RFWX-V388 Arbitrary host CRI log file read via symlink following in CRI checkpoint restore
Impact A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. Patches This bug has been fixed in the following containerd versions: 2.3.2...
PT-2026-51057
Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description A bug in the CRI plugin allows the restoration of container.log from a checkpoint image without validating a symlinked path...
EUVD-2025-16049
Malicious code in bioql PyPI...
GO-2022-0482 containerd CRI plugin: Host memory exhaustion through ExecSync in github.com/containerd/containerd
containerd CRI plugin: Host memory exhaustion through ExecSync in github.com/containerd/containerd...
GO-2022-0344 containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd
containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd...
Medium: containerd
Issue Overview: A flaw was found in containerd CRI plugin. Containers launched through containerd CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data...
GHSA-5FFW-GXPP-MXPF containerd CRI plugin: Host memory exhaustion through ExecSync
Impact A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory on the computer, denying service to other...
GHSA-CRP2-QRR5-8PQ7 containerd CRI plugin: Insecure handling of image volumes
Impact A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...
Medium: containerd
Issue Overview: A bug was discovered in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file or widen access...
[SECURITY] Fedora 34 Update: golang-github-containerd-cri-1.19.0-3.20210307gitaa2d5a9.fc34
Cri is a native plugin of containerd 1.1 and above. It is built into contai nerd and enabled by default...
CVE-2021-21334
A flaw was found in containerd CRI plugin. Containers launched through containerd's CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data confidentiali...