2 matches found
CVE-2026-30892 Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
CVE-2026-30892
CVE-2026-30892 (crun) : Affected are crun versions 1.19–1.26 where the --user option parsing misinterprets the value 1 as UID 0, GID 0, allowing a process to run with elevated privileges. The issue is fixed in crun 1.27. Impact is privilege escalation on local/host context; exploitation is local ...