7.5

CVE-2026-41567

Docker: `PUT /containers/{id}/archive` executes container binary on the host

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container's filesystem rather than the host's due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
Produkt Red Hat Openshift Data Foundation 4.22
Default Statusaffected
HerstellerRed Hat
Produkt Exploit Intelligence
Default Statusaffected
HerstellerRed Hat
Produkt Multicluster Engine for Kubernetes
Default Statusaffected
HerstellerRed Hat
Produkt OpenShift Lightspeed
Default Statusaffected
HerstellerRed Hat
Produkt OpenShift Source-to-Image (S2I)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Advanced Cluster Management for Kubernetes 2
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Ceph Storage 5
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Ceph Storage 7
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Ceph Storage 8
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Ceph Storage 9
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Hardened Images
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift AI (RHOAI)
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift distributed tracing 3
Default Statusaffected
HerstellerRed Hat
Produkt Multicluster Global Hub
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.049
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 7.2 0.8 5.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 0.8 6
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://bugzilla.redhat.com/show_bug.cgi?id=2485356
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41567.json
https://access.redhat.com/errata/RHSA-2026:37387
https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r
https://access.redhat.com/security/cve/CVE-2026-41567