63 matches found
CVE-2026-53492
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during...
github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during...
github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: nvidia-container-toolkit, node-feature-discovery, sriov-network-device-plugin, cadvisor-fips, nvidia-container-toolkit-fips, prometheus-podman-exporter, node-feature-discovery-fips, cadvisor, rancher-agent, podman, k8s-device-plugin-fips, gpu-operator,...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: nvidia-container-toolkit, node-feature-discovery, sriov-network-device-plugin, cadvisor-fips, nvidia-container-toolkit-fips, prometheus-podman-exporter, node-feature-discovery-fips, cadvisor, rancher-agent, podman, k8s-device-plugin-fips, gpu-operator,...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: rancher, podman, sriov-network-device-plugin, nvidia-container-toolkit, node-feature-discovery, rancher-agent, cadvisor, buildah, k8s-device-plugin...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: rancher, podman, sriov-network-device-plugin, nvidia-container-toolkit, node-feature-discovery, rancher-agent, cadvisor, buildah, k8s-device-plugin...
containerd CRI checkpoint restore CDI annotation smuggling
Impact containerd's CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive...
CVE-2026-42506 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-42506 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-27136 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-27136 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-42502 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-42502 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-25680 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-25680 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during...
CVE-2026-32282 vulnerabilities
Vulnerabilities for packages: hubble, datadog-agent, istio, gitaly, kine, flux, external-dns, nerdctl, spire-server, k3s, karpenter, kubernetes, knative-eventing, chezmoi, cilium-cli, mattermost, runc, keda, argo-cd, aactl, kaf, gitlab-kas, dask-gateway, prometheus, k8s-device-plugin, net-kourier...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: trivy-operator, logstash-exporter, eksctl, kuberlr, opensearch-k8s-operator, aws-s3-controller, portieris, sriov-network-device-plugin, vt-cli, supercronic, nri-postgresql, docker-cli, grafana-rollout-operator, chart-testing, cert-manager-cmctl, s5cmd, gatekeeper,...
CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.7.0-5
CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.7.0-5. A patched version of the package is available...
CVE-2025-47911 affecting package sriov-network-device-plugin for versions less than 3.7.0-5
CVE-2025-47911 affecting package sriov-network-device-plugin for versions less than 3.7.0-5. A patched version of the package is available...
CVE-2025-47911 affecting package sriov-network-device-plugin for versions less than 3.6.2-11
CVE-2025-47911 affecting package sriov-network-device-plugin for versions less than 3.6.2-11. A patched version of the package is available...