7.5
CVE-2026-41567
- EPSS 0.15%
- Veröffentlicht 05.06.2026 00:35:50
- Zuletzt bearbeitet 10.07.2026 12:16:49
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Docker: `PUT /containers/{id}/archive` executes container binary on the host
Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container's filesystem rather than the host's due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted imagesDaten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
≫
Produkt
Red Hat Openshift Data Foundation 4.22
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Exploit Intelligence
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Multicluster Engine for Kubernetes
Default Statusaffected
HerstellerRed Hat
≫
Produkt
OpenShift Lightspeed
Default Statusaffected
HerstellerRed Hat
≫
Produkt
OpenShift Source-to-Image (S2I)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Advanced Cluster Management for Kubernetes 2
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Ceph Storage 5
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Ceph Storage 7
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Ceph Storage 8
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Ceph Storage 9
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Hardened Images
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift AI (RHOAI)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Container Platform 4
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift distributed tracing 3
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Multicluster Global Hub
Default Statusunaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.049 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.2 | 0.8 | 5.8 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 0.8 | 6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
https://bugzilla.redhat.com/show_bug.cgi?id=2485356
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41567.json
https://access.redhat.com/errata/RHSA-2026:37387
https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r
https://access.redhat.com/security/cve/CVE-2026-41567