RHSA-2026:35111

Vulnerability from csaf_redhat - Published: 2026-07-02 23:34 - Updated: 2026-07-03 23:00
Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs: trivy: * trivy-0.72.0-0.1.hum1 (aarch64, x86_64) * trivy-0.72.0-0.1.hum1.src (src) Security Fix(es): trivy: * CVE-2026-46680 * CVE-2026-47262 * CVE-2026-53488
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.

CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A flaw was found in containerd, an open-source container runtime. Containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. This vulnerability allows a crafted container image to bypass the Kubernetes `runAsNonRoot` restriction, potentially leading to privilege escalation where the container runs as the root user (UID 0). This can cause unexpected behavior in environments designed to enforce non-root user execution.

CWE-681 - Incorrect Conversion between Numeric Types
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd process to terminate. This results in a Denial of Service (DoS) condition, making the container runtime API unavailable and disrupting clients like Docker Engine or Kubernetes.

CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Moderate

A flaw was found in containerd, an open-source container runtime. The CRI (Container Runtime Interface) checkpoint import process fails to validate image references within a checkpoint image's configuration. An attacker with permissions to create pods can exploit this by using a specially crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag. This action poisons the node's local image cache, leading to other pods unknowingly executing the attacker's malicious image instead of the legitimate one, which can result in arbitrary code execution under the victim pod's identity.

CWE-1289 - Improper Validation of Unsafe Equivalence in Input
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Moderate

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Important
References
URL Category
https://access.redhat.com/errata/RHSA-2026:35111 self
https://access.redhat.com/security/cve/CVE-2026-46680 external
https://access.redhat.com/security/cve/CVE-2026-47262 external
https://access.redhat.com/security/cve/CVE-2026-53488 external
https://access.redhat.com/security/updates/classi… external
https://images.redhat.com/ external
https://access.redhat.com/security/cve/CVE-2026-50195 external
https://access.redhat.com/security/cve/CVE-2026-32285 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2026-32285 self
https://bugzilla.redhat.com/show_bug.cgi?id=2451846 external
https://www.cve.org/CVERecord?id=CVE-2026-32285 external
https://nvd.nist.gov/vuln/detail/CVE-2026-32285 external
https://github.com/buger/jsonparser/issues/275 external
https://github.com/golang/vulndb/issues/4514 external
https://pkg.go.dev/vuln/GO-2026-4514 external
https://access.redhat.com/security/cve/CVE-2026-46680 self
https://bugzilla.redhat.com/show_bug.cgi?id=2496104 external
https://www.cve.org/CVERecord?id=CVE-2026-46680 external
https://nvd.nist.gov/vuln/detail/CVE-2026-46680 external
https://github.com/containerd/containerd/security… external
https://access.redhat.com/security/cve/CVE-2026-47262 self
https://bugzilla.redhat.com/show_bug.cgi?id=2496126 external
https://www.cve.org/CVERecord?id=CVE-2026-47262 external
https://nvd.nist.gov/vuln/detail/CVE-2026-47262 external
https://github.com/containerd/containerd/security… external
https://access.redhat.com/security/cve/CVE-2026-50195 self
https://bugzilla.redhat.com/show_bug.cgi?id=2496128 external
https://www.cve.org/CVERecord?id=CVE-2026-50195 external
https://nvd.nist.gov/vuln/detail/CVE-2026-50195 external
https://github.com/containerd/containerd/security… external
https://access.redhat.com/security/cve/CVE-2026-53488 self
https://bugzilla.redhat.com/show_bug.cgi?id=2495815 external
https://www.cve.org/CVERecord?id=CVE-2026-53488 external
https://nvd.nist.gov/vuln/detail/CVE-2026-53488 external
https://github.com/containerd/containerd/security… external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\ntrivy:\n  * trivy-0.72.0-0.1.hum1 (aarch64, x86_64)\n  * trivy-0.72.0-0.1.hum1.src (src)\n\nSecurity Fix(es):\n\ntrivy:\n  * CVE-2026-46680\n  * CVE-2026-47262\n  * CVE-2026-53488",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:35111",
        "url": "https://access.redhat.com/errata/RHSA-2026:35111"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-46680",
        "url": "https://access.redhat.com/security/cve/CVE-2026-46680"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-47262",
        "url": "https://access.redhat.com/security/cve/CVE-2026-47262"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-53488",
        "url": "https://access.redhat.com/security/cve/CVE-2026-53488"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-50195",
        "url": "https://access.redhat.com/security/cve/CVE-2026-50195"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32285",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32285"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35111.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update",
    "tracking": {
      "current_release_date": "2026-07-03T23:00:26+00:00",
      "generator": {
        "date": "2026-07-03T23:00:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.1"
        }
      },
      "id": "RHSA-2026:35111",
      "initial_release_date": "2026-07-02T23:34:03+00:00",
      "revision_history": [
        {
          "date": "2026-07-02T23:34:03+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-07-03T22:55:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-07-03T23:00:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "trivy-main@aarch64",
                "product": {
                  "name": "trivy-main@aarch64",
                  "product_id": "trivy-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/trivy@0.72.0-0.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "trivy-main@src",
                "product": {
                  "name": "trivy-main@src",
                  "product_id": "trivy-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/trivy@0.72.0-0.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "trivy-main@x86_64",
                "product": {
                  "name": "trivy-main@x86_64",
                  "product_id": "trivy-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/trivy@0.72.0-0.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trivy-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:trivy-main@aarch64"
        },
        "product_reference": "trivy-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trivy-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:trivy-main@src"
        },
        "product_reference": "trivy-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trivy-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:trivy-main@x86_64"
        },
        "product_reference": "trivy-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-32285",
      "cwe": {
        "id": "CWE-1285",
        "name": "Improper Validation of Specified Index, Position, or Offset in Input"
      },
      "discovery_date": "2026-03-26T20:01:54.925687+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2451846"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in github.com/buger/jsonparser. The Delete function, when processing malformed JSON input, fails to properly validate offsets. This vulnerability can lead to a negative slice index and a runtime panic, allowing a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:trivy-main@aarch64",
          "Red Hat Hardened Images:trivy-main@src",
          "Red Hat Hardened Images:trivy-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32285"
        },
        {
          "category": "external",
          "summary": "RHBZ#2451846",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32285"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285"
        },
        {
          "category": "external",
          "summary": "https://github.com/buger/jsonparser/issues/275",
          "url": "https://github.com/buger/jsonparser/issues/275"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/vulndb/issues/4514",
          "url": "https://github.com/golang/vulndb/issues/4514"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4514",
          "url": "https://pkg.go.dev/vuln/GO-2026-4514"
        }
      ],
      "release_date": "2026-03-26T19:40:51.837000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-02T23:34:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:35111"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input"
    },
    {
      "cve": "CVE-2026-46680",
      "cwe": {
        "id": "CWE-681",
        "name": "Incorrect Conversion between Numeric Types"
      },
      "discovery_date": "2026-07-01T18:02:18.277866+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2496104"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in containerd, an open-source container runtime. Containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. This vulnerability allows a crafted container image to bypass the Kubernetes `runAsNonRoot` restriction, potentially leading to privilege escalation where the container runs as the root user (UID 0). This can cause unexpected behavior in environments designed to enforce non-root user execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/containerd/containerd: containerd: Privilege escalation via incorrect user ID handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenShift Container Platform and its layered products include the containerd Go library as a build-time dependency for various components. These products do not use containerd as a container runtime; CRI-O is used instead. The vulnerable code path responsible for parsing User directives during container runtime spec generation is not exercised. Therefore, although the containerd library is present in shipped binaries, the vulnerability is not exploitable in the context of Red Hat products.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:trivy-main@aarch64",
          "Red Hat Hardened Images:trivy-main@src",
          "Red Hat Hardened Images:trivy-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-46680"
        },
        {
          "category": "external",
          "summary": "RHBZ#2496104",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496104"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-46680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-46680"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46680",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46680"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w",
          "url": "https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w"
        }
      ],
      "release_date": "2026-07-01T17:40:25.499000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-02T23:34:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:35111"
        },
        {
          "category": "workaround",
          "details": "Enforce a specific numeric runAsUser in the Kubernetes Pod securityContext, which overrides the User directive in the container image and prevents the bypass. Additionally, restrict access to push container images to trusted users only, and validate image provenance before deployment.",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/containerd/containerd: containerd: Privilege escalation via incorrect user ID handling"
    },
    {
      "cve": "CVE-2026-47262",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-07-01T19:01:12.673142+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2496126"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd process to terminate. This results in a Denial of Service (DoS) condition, making the container runtime API unavailable and disrupting clients like Docker Engine or Kubernetes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat\u0027s container platform uses CRI-O as its container runtime interface, not containerd. While containerd libraries are bundled in some images for OCI image operations (e.g., estargz support via skopeo), the containerd daemon and its CRI plugin (where the vulnerable group-parsing code path exists) are not executed. Therefore, this vulnerability is not exploitable in Red Hat products.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:trivy-main@aarch64",
          "Red Hat Hardened Images:trivy-main@src",
          "Red Hat Hardened Images:trivy-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-47262"
        },
        {
          "category": "external",
          "summary": "RHBZ#2496126",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496126"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-47262",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47262"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47262",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47262"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq",
          "url": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq"
        }
      ],
      "release_date": "2026-07-01T17:48:43.205000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-02T23:34:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:35111"
        },
        {
          "category": "workaround",
          "details": "No mitigation is needed for Red Hat products. The vulnerable code path in containerd\u0027s CRI plugin group-parsing logic is not executed because Red Hat uses CRI-O as the container runtime. Products that bundle containerd as a library dependency for OCI image operations are not affected.",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing"
    },
    {
      "cve": "CVE-2026-50195",
      "cwe": {
        "id": "CWE-1289",
        "name": "Improper Validation of Unsafe Equivalence in Input"
      },
      "discovery_date": "2026-07-01T19:01:23.888854+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2496128"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in containerd, an open-source container runtime. The CRI (Container Runtime Interface) checkpoint import process fails to validate image references within a checkpoint image\u0027s configuration. An attacker with permissions to create pods can exploit this by using a specially crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag. This action poisons the node\u0027s local image cache, leading to other pods unknowingly executing the attacker\u0027s malicious image instead of the legitimate one, which can result in arbitrary code execution under the victim pod\u0027s identity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/containerd/containerd: containerd: Arbitrary code execution via CRI checkpoint image tag poisoning",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat products include the containerd Go module (v1.x) as a library dependency. The vulnerable CRI checkpoint import functionality was introduced in containerd v2.1.0 and is not present in the v1 module shipped in Red Hat products. Additionally, Red Hat products use CRI-O as the container runtime, not containerd, so the CRI checkpoint import code path is not exercised.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:trivy-main@aarch64",
          "Red Hat Hardened Images:trivy-main@src",
          "Red Hat Hardened Images:trivy-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-50195"
        },
        {
          "category": "external",
          "summary": "RHBZ#2496128",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496128"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-50195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50195"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-50195",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50195"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574",
          "url": "https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574"
        }
      ],
      "release_date": "2026-07-01T17:50:53.072000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-02T23:34:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:35111"
        },
        {
          "category": "workaround",
          "details": "No mitigation is needed as the vulnerable code is not present in the containerd versions shipped in Red Hat products.",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "github.com/containerd/containerd: containerd: Arbitrary code execution via CRI checkpoint image tag poisoning"
    },
    {
      "cve": "CVE-2026-53488",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2026-07-01T02:01:09.589815+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2495815"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A flaw was found in containerd where the CRI plugin propagates labels from an image configuration (LABEL instruction in a Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host via a plugin that consumes container labels for operations, such as the restart-monitor binary:// logger. An attacker who can cause a crafted container image to be pulled and run can achieve host-level code execution.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:trivy-main@aarch64",
          "Red Hat Hardened Images:trivy-main@src",
          "Red Hat Hardened Images:trivy-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-53488"
        },
        {
          "category": "external",
          "summary": "RHBZ#2495815",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495815"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-53488",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53488"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp",
          "url": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp"
        }
      ],
      "release_date": "2026-07-01T00:11:20.610000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-02T23:34:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:35111"
        },
        {
          "category": "workaround",
          "details": "Restrict container image pulls to trusted registries using admission policies or image signature verification. Where containerd is used as the container runtime, disable or restrict the binary:// logger URI scheme in the containerd configuration to prevent the label-to-logger attack path.",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…