2635 matches found

NVD
added 2 hours ago | 4 views

CVE-2026-55686

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

CVSS 5.3
Exploits: 0 | References: 2

NVD
added 2 hours ago | 4 views

CVE-2026-57231

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk wi...

CVSS 7.5
Exploits: 0 | References: 2

Cvelist
added 3 hours ago | 4 views

CVE-2026-55686 Podman: WORKDIR symlink traversal vulnerability

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

CVSS 5.3
Exploits: 0 | References: 2

EUVD
added 3 hours ago | 2 views

EUVD-2026-39808

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 2

CVE
added 3 hours ago | 16 views

CVE-2026-55686

Summary of CVE-2026-55686 (Podman: WORKDIR symlink traversal) Affects Podman versions 3.0.0 through 5.7.0 where a container image run with a crafted WORKDIR path that contains a symlink can cause a host filesystem change: create a directory or modify ownership. Ownership modification is less like...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 2

CVE
added 3 hours ago | 8 views

CVE-2026-57231

CVE-2026-57231 affects Podman versions 1.8.1 through 5.8.4, where a container image with an Env entry having only a key (and using the * wildcard) can cause host environment variables to be leaked into the container at run time. The PTSecurity document confirms the issue is addressed in Podman 5....

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2

Positive Technologies
added yesterday | 9 views

PT-2026-52554

Name of the Vulnerable Software and Affected Versions: Podman versions 1.8.1 through 5.8.4. Description: A malicious container image can trick Podman into leaking host environment variables into the container. This occurs when an image contains an Env entry consisting of a key without a value...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 4

Chainguard
added 3 days ago | 4 views

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: nvidia-container-toolkit, node-feature-discovery, podman-fips, prometheus-podman-exporter, node-feature-discovery-fips, nvidia-container-toolkit-fips, gpu-operator-fips, buildah-fips, sriov-network-device-plugin-fips, k8s-device-plugin, rancher-agent, rancher,...

AI score 5.8
Exploits: 0

Chainguard
added 3 days ago | 7 views

CVE-2026-41579 vulnerabilities

Vulnerabilities for packages: nvidia-container-toolkit, node-feature-discovery, podman-fips, prometheus-podman-exporter, node-feature-discovery-fips, nvidia-container-toolkit-fips, gpu-operator-fips, buildah-fips, sriov-network-device-plugin-fips, k8s-device-plugin, rancher-agent, rancher,...

AI score 5.8 | EPSS 0.00011
Exploits: 0

OSV
added 4 days ago | 8 views

GHSA-XJVP-4FHW-GC47 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

Impact: When setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string, which allows an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names a...

CVSS 4.8 | AI score 5.7 | EPSS 0.00011
Exploits: 0 | References: 2

RedhatCVE
added 4 days ago | 5 views

CVE-2026-42573

A flaw was found in Svelte, a web framework. An attacker could exploit a DOM clobbering vulnerability, which allows manipulation of the Document Object Model (DOM) to overwrite internal framework state on elements. This could potentially lead to Cross-Site Scripting (XSS) attacks, enabling the attack...

CVSS 8.1 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 5

OSV
added 2026/06/18 2:28 p.m. | 3 views

GHSA-Q6R4-3WMG-FWCQ Podman: WORKDIR symlink traversal vulnerability

Summary: Running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree durin...

CVSS 5.3 | AI score 5.4
Exploits: 0 | References: 4

Github Security Blog
added 2026/06/18 2:28 p.m. | 9 views

Podman: WORKDIR symlink traversal vulnerability

Summary: Running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree durin...

CVSS 5.3 | AI score 5.4
Exploits: 0 | References: 4 | Affected Software: 3

Positive Technologies
added 2026/06/18 12:0 a.m. | 17 views

PT-2026-50742

Name of the Vulnerable Software and Affected Versions: Podman versions prior to 5.7.1. Description: Running a malicious container image where the WORKDIR path contains a symlink can allow an attacker to create a directory or modify ownership on the host filesystem. Modifying ownership is less likely...

CVSS 5.3 | AI score 5.9
Exploits: 0 | References: 7

Circl
added 2026/06/17 4:22 p.m. | 7 views

CVE-2026-55686

creationtimestamp | type | source
---|---|---
2026-06-17 16:22:45+00:00 | published-proof-of-concept | https://github.com/podman-container-tools/podman/security/advisories/GHSA-q6r4-3wmg-fwcq...

AI score 4.9
Exploits: 0 | References: 1

OSV
added 2026/06/17 10:8 a.m. | 5 views

RHSA-2026:26445 Red Hat Security Advisory: podman security update

Bulletin has no description...

CVSS 7.5 | AI score 7.5 | EPSS 0.0052
Exploits: 0 | References: 11

OSV
added 2026/06/17 10:8 a.m. | 5 views

RHSA-2026:26447 Red Hat Security Advisory: podman security update

Bulletin has no description...

CVSS 7.5 | AI score 6.9 | EPSS 0.00449
Exploits: 0 | References: 25

RedHat Linux
added 2026/06/16 11:8 p.m. | 15 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5 | AI score 7.8 | EPSS 0.00449
Exploits: 0 | References: 4

RedHat Linux
added 2026/06/16 10:54 p.m. | 8 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5 | AI score 8.2 | EPSS 0.0052
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/15 12:0 a.m. | 10 views

PT-2026-49604

Name of the Vulnerable Software and Affected Versions: Buildah versions prior to 1.43.2; Buildah versions prior to 1.44; Podman versions prior to 5.8.3. Description: When processing build contexts or add/copy instructions, a malicious server serving a Git repository or a tar archive file can cause fil...

CVSS 6.3 | AI score 5.8
Exploits: 0 | References: 5