3 matches found
CVE-2022-27650
CVE-2022-27650 describes a flaw where crun (and related components used by container runtimes like Moby/Docker Engine) can cause containers to start with non-empty default inheritable capabilities. The issue enables an attacker who has access to programs with inheritable file capabilities to elev...
CVE-2019-18837
CVE-2019-18837 affects crun prior to 0.10.5. A crafted image can bypass target-symlink checks, granting access to files outside the container via the codepaths in libcrun/linux.c and libcrun/chroot_realpath.c. The vulnerability has multiple vendor/advisory references (Red Hat, Debian, OSV, CVE li...
CVE-2026-30892
CVE-2026-30892 (crun) : Affected are crun versions 1.19–1.26 where the --user option parsing misinterprets the value 1 as UID 0, GID 0, allowing a process to run with elevated privileges. The issue is fixed in crun 1.27. Impact is privilege escalation on local/host context; exploitation is local ...