CVE-2026-53489
- EPSS 0.25%
- Veröffentlicht 01.07.2026 18:10:41
- Zuletzt bearbeitet 02.07.2026 19:33:12
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary ...
CVE-2026-53492
- EPSS 0.48%
- Veröffentlicht 01.07.2026 17:59:12
- Zuletzt bearbeitet 02.07.2026 19:33:00
containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container resto...
CVE-2026-50195
- EPSS 0.32%
- Veröffentlicht 01.07.2026 17:50:53
- Zuletzt bearbeitet 02.07.2026 19:43:59
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration....
CVE-2026-47262
- EPSS 0.46%
- Veröffentlicht 01.07.2026 17:48:43
- Zuletzt bearbeitet 02.07.2026 19:40:45
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from thi...
CVE-2026-46680
- EPSS 0.22%
- Veröffentlicht 01.07.2026 17:40:25
- Zuletzt bearbeitet 03.07.2026 04:17:53
containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNo...
CVE-2026-53488
- EPSS 0.23%
- Veröffentlicht 01.07.2026 00:11:20
- Zuletzt bearbeitet 03.07.2026 04:17:55
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in...
CVE-2025-64329
- EPSS 0.16%
- Veröffentlicht 07.11.2025 04:15:09
- Zuletzt bearbeitet 31.12.2025 18:34:48
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on t...
CVE-2024-25621
- EPSS 0.16%
- Veröffentlicht 06.11.2025 18:36:21
- Zuletzt bearbeitet 31.12.2025 02:29:30
containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib...
CVE-2025-47291
- EPSS 0.24%
- Veröffentlicht 21.05.2025 17:26:31
- Zuletzt bearbeitet 19.09.2025 17:25:42
containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarch...
CVE-2025-47290
- EPSS 0.44%
- Veröffentlicht 20.05.2025 18:25:51
- Zuletzt bearbeitet 19.09.2025 17:28:20
containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. ...