Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for bubblewrap by containers
CVE-2026-41163 (GCVE-0-2026-41163)
Vulnerability from nvd – Published: 2026-05-09 03:56 – Updated: 2026-05-09 03:56
VLAI?
Title
bubblewrap vulnerable to privilege escalation in setuid mode via ptrace
Summary
bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitrarily use the privileged operations, and in particular the "overlay mount" operation, allowing the creation of overlay mounts which is otherwise not allowed in the setuid version of bubblewrap. This issue has been patched in version 0.11.2.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containers | bubblewrap |
Affected:
>= 0.11.0, < 0.11.2
|
{
"containers": {
"cna": {
"affected": [
{
"product": "bubblewrap",
"vendor": "containers",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.11.0, \u003c 0.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitrarily use the privileged operations, and in particular the \"overlay mount\" operation, allowing the creation of overlay mounts which is otherwise not allowed in the setuid version of bubblewrap. This issue has been patched in version 0.11.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-09T03:56:51.833Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containers/bubblewrap/security/advisories/GHSA-xq78-7hw4-5jvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containers/bubblewrap/security/advisories/GHSA-xq78-7hw4-5jvp"
},
{
"name": "https://github.com/containers/bubblewrap/releases/tag/v0.11.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/bubblewrap/releases/tag/v0.11.2"
}
],
"source": {
"advisory": "GHSA-xq78-7hw4-5jvp",
"discovery": "UNKNOWN"
},
"title": "bubblewrap vulnerable to privilege escalation in setuid mode via ptrace"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41163",
"datePublished": "2026-05-09T03:56:51.833Z",
"dateReserved": "2026-04-17T16:34:45.525Z",
"dateUpdated": "2026-05-09T03:56:51.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-5291 (GCVE-0-2020-5291)
Vulnerability from nvd – Published: 2020-03-31 18:00 – Updated: 2024-08-04 08:22
VLAI?
Title
Privilege escalation in setuid mode via user namespaces in Bubblewrap
Summary
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update.
Severity ?
7.2 (High)
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containers | bubblewrap |
Affected:
< 0.4.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bubblewrap",
"vendor": "containers",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648: Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-31T18:00:18.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240"
}
],
"source": {
"advisory": "GHSA-j2qp-rvxj-43vj",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation in setuid mode via user namespaces in Bubblewrap",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5291",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in setuid mode via user namespaces in Bubblewrap"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bubblewrap",
"version": {
"version_data": [
{
"version_value": "\u003c 0.4.1"
}
]
}
}
]
},
"vendor_name": "containers"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648: Incorrect Use of Privileged APIs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj",
"refsource": "CONFIRM",
"url": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj"
},
{
"name": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240",
"refsource": "MISC",
"url": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240"
}
]
},
"source": {
"advisory": "GHSA-j2qp-rvxj-43vj",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5291",
"datePublished": "2020-03-31T18:00:18.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-41163 (GCVE-0-2026-41163)
Vulnerability from cvelistv5 – Published: 2026-05-09 03:56 – Updated: 2026-05-09 03:56
VLAI?
Title
bubblewrap vulnerable to privilege escalation in setuid mode via ptrace
Summary
bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitrarily use the privileged operations, and in particular the "overlay mount" operation, allowing the creation of overlay mounts which is otherwise not allowed in the setuid version of bubblewrap. This issue has been patched in version 0.11.2.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containers | bubblewrap |
Affected:
>= 0.11.0, < 0.11.2
|
{
"containers": {
"cna": {
"affected": [
{
"product": "bubblewrap",
"vendor": "containers",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.11.0, \u003c 0.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitrarily use the privileged operations, and in particular the \"overlay mount\" operation, allowing the creation of overlay mounts which is otherwise not allowed in the setuid version of bubblewrap. This issue has been patched in version 0.11.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-09T03:56:51.833Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containers/bubblewrap/security/advisories/GHSA-xq78-7hw4-5jvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containers/bubblewrap/security/advisories/GHSA-xq78-7hw4-5jvp"
},
{
"name": "https://github.com/containers/bubblewrap/releases/tag/v0.11.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/bubblewrap/releases/tag/v0.11.2"
}
],
"source": {
"advisory": "GHSA-xq78-7hw4-5jvp",
"discovery": "UNKNOWN"
},
"title": "bubblewrap vulnerable to privilege escalation in setuid mode via ptrace"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41163",
"datePublished": "2026-05-09T03:56:51.833Z",
"dateReserved": "2026-04-17T16:34:45.525Z",
"dateUpdated": "2026-05-09T03:56:51.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-5291 (GCVE-0-2020-5291)
Vulnerability from cvelistv5 – Published: 2020-03-31 18:00 – Updated: 2024-08-04 08:22
VLAI?
Title
Privilege escalation in setuid mode via user namespaces in Bubblewrap
Summary
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update.
Severity ?
7.2 (High)
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containers | bubblewrap |
Affected:
< 0.4.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bubblewrap",
"vendor": "containers",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648: Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-31T18:00:18.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240"
}
],
"source": {
"advisory": "GHSA-j2qp-rvxj-43vj",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation in setuid mode via user namespaces in Bubblewrap",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5291",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in setuid mode via user namespaces in Bubblewrap"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bubblewrap",
"version": {
"version_data": [
{
"version_value": "\u003c 0.4.1"
}
]
}
}
]
},
"vendor_name": "containers"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648: Incorrect Use of Privileged APIs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj",
"refsource": "CONFIRM",
"url": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj"
},
{
"name": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240",
"refsource": "MISC",
"url": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240"
}
]
},
"source": {
"advisory": "GHSA-j2qp-rvxj-43vj",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5291",
"datePublished": "2020-03-31T18:00:18.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}