
311 matches found

OSV
added 5 hours ago, 2 views

OESA-2026-2557 kata-containers security update

This is a core component of Kata Container; to make it work, you need an isulad/docker engine. Security Fixes: This vulnerability was fixed in Kata Containers 3.31.0. Description: In the runtime-rs standalone virtio-fs path, Kata Containers runs virtiofsd as root with --sandbox none --seccom...

AI score 5.7
Exploits: 0, References: 2

CBLMariner
added 3 days ago, 5 views

CVE-2026-39821 affecting package kata-containers for versions less than 3.19.1.kata3-3

CVE-2026-39821 affecting package kata-containers for versions less than 3.19.1.kata3-3. A patched version of the package is available...

CVSS 9.6, AI score 5.8, EPSS 0.0005
Exploits: 0

CBLMariner
added 3 days ago, 6 views

CVE-2026-39821 affecting package kata-containers-cc for versions less than 3.15.0.aks0-11

CVE-2026-39821 affecting package kata-containers-cc for versions less than 3.15.0.aks0-11. A patched version of the package is available...

CVSS 9.6, AI score 5.8, EPSS 0.0005
Exploits: 0

OSV
added 2026/05/26 11:57 p.m., 7 views

GHSA-RR59-XXVX-96QR Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations

Summary: Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the io.katacontainers.config.hypervisor.virtio_fs_extra_args pod annotation. By injecting -o source=/ along with --no-announce-submounts a...

CVSS 6.5, AI score 6
Exploits: 0, References: 3

Positive Technologies
added 2026/05/26 12:00 a.m., 10 views

PT-2026-43453

Summary: Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the io.katacontainers.config.hypervisor.virtio_fs_extra_args pod annotation. By injecting -o source=/ along with --no-announce-submount...

CVSS 6.5, AI score 6
Exploits: 0, References: 4

Positive Technologies
added 2026/05/21 12:00 a.m., 7 views

PT-2026-42534

Name of the Vulnerable Software and Affected Versions: Kata Containers runtime-rs versions prior to 3.31.0. Description: A symlink escape exists when virtiofsd is run as root with the flags --sandbox none and --seccomp none. A raw FUSE SYMLINK request allows a guest root user to create symlinks owne...

CVSS 9.3, AI score 5.8
Exploits: 0, References: 8

Circl
added 2026/05/20 8:20 a.m., 5 views

CVE-2026-44210

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 08:20:32+00:00 | published-proof-of-concept | https://github.com/kata-containers/kata-containers/security/advisories/GHSA-rr59-xxvx-96qr... |

AI score 5.8
Exploits: 0, References: 1

CBLMariner
added 2026/05/18 8:36 p.m., 10 views

CVE-2026-41602 affecting package kata-containers for versions less than 3.19.1.kata3-2

CVE-2026-41602 affecting package kata-containers for versions less than 3.19.1.kata3-2. A patched version of the package is available...

CVSS 7.5, AI score 5.8, EPSS 0.00073
Exploits: 0

OSV
added 2026/05/15 2:00 p.m., 1 view

OESA-2026-2309 kata-containers-go security update

This is a core component of Kata Container; to make it work, you need an isulad/docker engine. Security Fixes: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations i...

CVSS 7.5, AI score 7.2, EPSS 0.00055
Exploits: 1, References: 2

CBLMariner
added 2026/05/14 11:27 p.m., 8 views

CVE-2026-41602 affecting package kata-containers-cc for versions less than 3.15.0.aks0-10

CVE-2026-41602 affecting package kata-containers-cc for versions less than 3.15.0.aks0-10. A patched version of the package is available...

CVSS 7.5, AI score 5.8, EPSS 0.00073
Exploits: 0

RedhatCVE
added 2026/05/04 8:21 p.m., 3 views

CVE-2026-41326

A flaw was found in Kata Containers. An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those...

CVSS 8.8, AI score 5.8, EPSS 0.00074
Exploits: 0, References: 4

OSV
added 2026/04/30 8:57 p.m., 1 view

GHSA-RH99-WC69-C255 Contrast Affected by CopyFile Policy Subversion via Symlinks

Impact: The Kata agent policies generated by the Contrast CLI had an issue in the CopyFile verification, which allowed arbitrary writes to the guest root filesystem. A malicious process on the host with the capability to connect to the Kata agent VSOCK could connect to the agent and issue a series ...

CVSS 8.1, AI score 5.9
Exploits: 0, References: 5

NVD
added 2026/04/24 7:17 p.m., 2 views

CVE-2026-41326

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...

CVSS 8.2, EPSS 0.00074
Exploits: 0, References: 3

CVE
added 2026/04/24 6:46 p.m., 11 views

CVE-2026-41326

Kata Containers CVE-2026-41326 affects versions v3.4.0–v3.28.0 due to an oversight in the CopyFile policy/handler that allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can overwrite binaries inside the guest and exfiltrate data from containers, includin...

CVSS 8.2, AI score 5.5, EPSS 0.00074
Exploits: 0, References: 3, Affected Software: 2

EUVD
added 2026/04/24 6:46 p.m., 3 views

EUVD-2026-25611

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...

CVSS 8.2, AI score 5.5, EPSS 0.00074
Exploits: 0, References: 1

Vulnrichment
added 2026/04/24 6:46 p.m., 2 views

CVE-2026-41326 Kata Containers: CopyFile Policy Subversion via Symlinks

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...

CVSS 8.2, AI score 5.5, EPSS 0.00074
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/24 6:46 p.m., 3 views

CVE-2026-41326

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...

CVSS 8.2, AI score 5.5, EPSS 0.00074
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/04/24 6:46 p.m., 29 views

CVE-2026-41326 Kata Containers: CopyFile Policy Subversion via Symlinks

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...

CVSS 8.2, EPSS 0.00074
Exploits: 0, References: 2

Positive Technologies
added 2026/04/24 12:00 a.m., 2 views

PT-2026-35062

Name of the Vulnerable Software and Affected Versions: Kata Containers versions 3.4.0 through 3.28.0. Description: An oversight in the CopyFile policy and potentially the CopyFile handler allows untrusted hosts to write to arbitrary locations within the guest workload image. This flaw can be exploit...

CVSS 8.2, AI score 5.9, EPSS 0.00074
Exploits: 0, References: 9

CNNVD
added 2026/04/24 12:00 a.m., 5 views

Kata Containers security vulnerability

Kata Containers is an open-source, lightweight virtual infrastructure building tool developed by the Kata Containers community. Versions 3.4.0 to 3.28.0 of Kata Containers contain security vulnerabilities. These vulnerabilities stem from improper handling of the CopyFile strategy, which may allow...

CVSS 8.2, AI score 5.9, EPSS 0.00074
Exploits: 0, References: 1