FKIE_CVE-2026-1386

Vulnerability from fkie_nvd - Published: 2026-01-23 21:15 - Updated: 2026-01-30 16:57
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
References
ff89ba41-3aa1-4d27-914a-91399e9639e5https://aws.amazon.com/security/security-bulletins/2026-003-AWS/Vendor Advisory
ff89ba41-3aa1-4d27-914a-91399e9639e5https://github.com/firecracker-microvm/firecracker/releases/tag/v1.13.2Release Notes, Product
ff89ba41-3aa1-4d27-914a-91399e9639e5https://github.com/firecracker-microvm/firecracker/releases/tag/v1.14.1Release Notes, Product
ff89ba41-3aa1-4d27-914a-91399e9639e5https://github.com/firecracker-microvm/firecracker/security/advisories/GHSA-36j2-f825-qvgcVendor Advisory
Impacted products
Vendor Product Version
amazon firecracker *
amazon firecracker 1.14.0
amazon firecracker 1.14.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:amazon:firecracker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5711475-1683-4678-A801-CEE4DD77C20E",
              "versionEndExcluding": "1.13.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:amazon:firecracker:1.14.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "C1831DAD-F5BB-42AF-8CD4-EA9CD67C1247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:amazon:firecracker:1.14.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "0067E934-76C2-4FE3-AA7E-9BD7C8C98135",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A UNIX symbolic link following issue in the jailer component in Firecracker version  v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. \n\nTo mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above."
    },
    {
      "lang": "es",
      "value": "Un problema de seguimiento de enlaces simb\u00f3licos de UNIX en el componente jailer en Firecracker versi\u00f3n v1.13.1 y anteriores y 1.14.0 en Linux puede permitir a un usuario local del host con acceso de escritura a los directorios precreados del jailer sobrescribir archivos arbitrarios del host a trav\u00e9s de un ataque de enlace simb\u00f3lico durante la copia de inicializaci\u00f3n al inicio del jailer, si el jailer se ejecuta con privilegios de root.\n\nPara mitigar este problema, los usuarios deben actualizar a la versi\u00f3n v1.13.2 o 1.14.1 o superior."
    }
  ],
  "id": "CVE-2026-1386",
  "lastModified": "2026-01-30T16:57:56.657",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.2,
        "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-23T21:15:51.397",
  "references": [
    {
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://aws.amazon.com/security/security-bulletins/2026-003-AWS/"
    },
    {
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
      "tags": [
        "Release Notes",
        "Product"
      ],
      "url": "https://github.com/firecracker-microvm/firecracker/releases/tag/v1.13.2"
    },
    {
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
      "tags": [
        "Release Notes",
        "Product"
      ],
      "url": "https://github.com/firecracker-microvm/firecracker/releases/tag/v1.14.1"
    },
    {
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/firecracker-microvm/firecracker/security/advisories/GHSA-36j2-f825-qvgc"
    }
  ],
  "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-61"
        }
      ],
      "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.