CVE-2026-24835

CVE-2026-24835 : Podman Desktop contains a critical authentication bypass where isAccessAllowed() unconditionally returns true, allowing malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources. Affected: Podman Desktop (all versions prior to 1....

CVE-2026-34045

Podman Desktop prior to 1.26.2 contains an unauthenticated HTTP server that, due to missing connection limits and timeouts, can be abused over the network to trigger denial-of-service conditions and to extract sensitive information. The vulnerability can exhaust file descriptors and kernel memory...