RHSA-2026:15862

Vulnerability from csaf_redhat - Published: 2026-05-09 15:24 - Updated: 2026-07-03 14:58
Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Critical
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs: trivy: * trivy-0.69.3-1.2.hum1 (aarch64, x86_64) * trivy-0.69.3-1.2.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:trivy-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64
Vendor Fix fix
Threats
Impact Important

A flaw was found in OpenTelemetry-Go (before schema package version 0.0.17). ParseFile in go.opentelemetry.io/otel/schema/v1.0 and v1.1 opens a schema file and passes it to Parse without closing it, leaking one file descriptor per successful call. Repeated parsing in a long-running process can exhaust the file descriptor limit and cause denial of service.

CWE-772 - Missing Release of Resource after Effective Lifetime
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:trivy-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64
Vendor Fix fix
Threats
Impact Low

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin incorrectly restores container logs from a checkpoint image. This vulnerability, categorized as a Path Traversal (CWE-61), allows an attacker to read arbitrary files on the host system by manipulating symlinked paths during the checkpoint restore process. This can lead to unauthorized information disclosure from the host.

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. This vulnerability enables a user with permissions to create pods to bypass standard Kubernetes resource allocation and device plugin enforcement. Consequently, an attacker can inject arbitrary CDI edits, such as device nodes and host mounts, into the restored container, potentially leading to unauthorized resource access or privilege escalation.

CWE-807 - Reliance on Untrusted Inputs in a Security Decision
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:trivy-main@src
Vendor Fix fix
Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64
Vendor Fix fix
Threats
Impact Critical
References
URL Category
https://access.redhat.com/errata/RHSA-2026:15862 self
https://images.redhat.com/ external
https://access.redhat.com/security/cve/CVE-2026-45287 external
https://access.redhat.com/security/updates/classi… external
https://access.redhat.com/security/cve/CVE-2026-44432 external
https://access.redhat.com/security/cve/CVE-2026-53492 external
https://access.redhat.com/security/cve/CVE-2026-53489 external
https://access.redhat.com/security/cve/CVE-2026-40898 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2026-44432 self
https://bugzilla.redhat.com/show_bug.cgi?id=2477154 external
https://www.cve.org/CVERecord?id=CVE-2026-44432 external
https://nvd.nist.gov/vuln/detail/CVE-2026-44432 external
https://github.com/urllib3/urllib3/security/advis… external
https://access.redhat.com/security/cve/CVE-2026-45287 self
https://bugzilla.redhat.com/show_bug.cgi?id=2484831 external
https://www.cve.org/CVERecord?id=CVE-2026-45287 external
https://nvd.nist.gov/vuln/detail/CVE-2026-45287 external
https://github.com/open-telemetry/opentelemetry-g… external
https://github.com/open-telemetry/opentelemetry-g… external
https://github.com/open-telemetry/opentelemetry-g… external
https://access.redhat.com/security/cve/CVE-2026-53489 self
https://bugzilla.redhat.com/show_bug.cgi?id=2496129 external
https://www.cve.org/CVERecord?id=CVE-2026-53489 external
https://nvd.nist.gov/vuln/detail/CVE-2026-53489 external
https://github.com/containerd/containerd/security… external
https://access.redhat.com/security/cve/CVE-2026-53492 self
https://bugzilla.redhat.com/show_bug.cgi?id=2496130 external
https://www.cve.org/CVERecord?id=CVE-2026-53492 external
https://nvd.nist.gov/vuln/detail/CVE-2026-53492 external
https://github.com/containerd/containerd/security… external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\ntrivy:\n  * trivy-0.69.3-1.2.hum1 (aarch64, x86_64)\n  * trivy-0.69.3-1.2.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:15862",
        "url": "https://access.redhat.com/errata/RHSA-2026:15862"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-45287",
        "url": "https://access.redhat.com/security/cve/CVE-2026-45287"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44432"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-53492",
        "url": "https://access.redhat.com/security/cve/CVE-2026-53492"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-53489",
        "url": "https://access.redhat.com/security/cve/CVE-2026-53489"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-40898",
        "url": "https://access.redhat.com/security/cve/CVE-2026-40898"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_15862.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-07-03T14:58:12+00:00",
      "generator": {
        "date": "2026-07-03T14:58:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.1"
        }
      },
      "id": "RHSA-2026:15862",
      "initial_release_date": "2026-05-09T15:24:33+00:00",
      "revision_history": [
        {
          "date": "2026-05-09T15:24:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-07-02T23:41:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-07-03T14:58:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "trivy-main@aarch64",
                "product": {
                  "name": "trivy-main@aarch64",
                  "product_id": "trivy-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/trivy@0.69.3-1.2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "trivy-main@src",
                "product": {
                  "name": "trivy-main@src",
                  "product_id": "trivy-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/trivy@0.69.3-1.2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "trivy-main@x86_64",
                "product": {
                  "name": "trivy-main@x86_64",
                  "product_id": "trivy-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/trivy@0.69.3-1.2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trivy-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:trivy-main@aarch64"
        },
        "product_reference": "trivy-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trivy-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:trivy-main@src"
        },
        "product_reference": "trivy-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trivy-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:trivy-main@x86_64"
        },
        "product_reference": "trivy-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-44432",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "discovery_date": "2026-05-13T17:01:01.083841+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2477154"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:trivy-main@aarch64",
          "Red Hat Hardened Images:trivy-main@src",
          "Red Hat Hardened Images:trivy-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "RHBZ#2477154",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
        }
      ],
      "release_date": "2026-05-13T15:17:12.611000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-09T15:24:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:15862"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
    },
    {
      "cve": "CVE-2026-45287",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2026-06-04T16:01:14.155335+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2484831"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenTelemetry-Go (before schema package version 0.0.17). ParseFile in go.opentelemetry.io/otel/schema/v1.0 and v1.1 opens a schema file and passes it to Parse without closing it, leaking one file descriptor per successful call. Repeated parsing in a long-running process can exhaust the file descriptor limit and cause denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "go.opentelemetry.io/otel: go.opentelemetry.io/otel/schema/v1.0: go.opentelemetry.io/otel/schema/v1.1: OpenTelemetry-Go: Denial of Service due to file descriptor leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenTelemetry-Go schema parsing is vulnerable to file descriptor leak in ParseFile for otel/schema v1.0 and v1.1. An attacker who can cause repeated schema parsing against an attacker-influenced file path in a long-running Go process may exhaust file descriptors and crash or stall the service. Exposure is limited to applications that expose schema parsing to untrusted paths; many Red Hat Go services bundle the library transitively without hitting this code path.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:trivy-main@aarch64",
          "Red Hat Hardened Images:trivy-main@src",
          "Red Hat Hardened Images:trivy-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-45287"
        },
        {
          "category": "external",
          "summary": "RHBZ#2484831",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484831"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-45287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-45287"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45287",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45287"
        },
        {
          "category": "external",
          "summary": "https://github.com/open-telemetry/opentelemetry-go/commit/e72a235518cb773137efd80336a179028bc34684",
          "url": "https://github.com/open-telemetry/opentelemetry-go/commit/e72a235518cb773137efd80336a179028bc34684"
        },
        {
          "category": "external",
          "summary": "https://github.com/open-telemetry/opentelemetry-go/commit/f12d198f161b61735d65705248715aa97021ba8d",
          "url": "https://github.com/open-telemetry/opentelemetry-go/commit/f12d198f161b61735d65705248715aa97021ba8d"
        },
        {
          "category": "external",
          "summary": "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v-fvrw-c78m",
          "url": "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v-fvrw-c78m"
        }
      ],
      "release_date": "2026-06-04T14:45:54.522000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-09T15:24:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:15862"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "go.opentelemetry.io/otel: go.opentelemetry.io/otel/schema/v1.0: go.opentelemetry.io/otel/schema/v1.1: OpenTelemetry-Go: Denial of Service due to file descriptor leak"
    },
    {
      "cve": "CVE-2026-53489",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2026-07-01T19:01:30.964031+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2496129"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin incorrectly restores container logs from a checkpoint image. This vulnerability, categorized as a Path Traversal (CWE-61), allows an attacker to read arbitrary files on the host system by manipulating symlinked paths during the checkpoint restore process. This can lead to unauthorized information disclosure from the host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/containerd/containerd: containerd: Arbitrary host file read via symlink following in CRI checkpoint restore",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is not exploitable in several Red Hat products listed in the affect table. These products use CRI-O as the container runtime rather than containerd. Although some shipped images include the containerd Go module (primarily v1.x, and in a few cases containerd v2.x API client libraries) as a build-time dependency for OCI image handling, they do not execute the containerd daemon or its CRI plugin. As a result, the vulnerable containerd CRI checkpoint-restore code path is not exercised.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:trivy-main@aarch64",
          "Red Hat Hardened Images:trivy-main@src",
          "Red Hat Hardened Images:trivy-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-53489"
        },
        {
          "category": "external",
          "summary": "RHBZ#2496129",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496129"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-53489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53489"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53489",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53489"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388",
          "url": "https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388"
        }
      ],
      "release_date": "2026-07-01T18:10:41.802000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-09T15:24:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:15862"
        },
        {
          "category": "workaround",
          "details": "For Red Hat OpenShift and layered products, CRI-O is the supported container runtime, so the vulnerable containerd CRI checkpoint-restore code path is not exercised during normal cluster operation. Customers should nevertheless apply Red Hat product errata as they become available to receive updates for affected operator, must-gather and tooling images that may bundle the containerd Go module.\n\nIf containerd is deployed as the container runtime with CRI checkpoint/restore enabled, disable checkpoint/restore functionality until a fixed version of containerd can be applied.",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "github.com/containerd/containerd: containerd: Arbitrary host file read via symlink following in CRI checkpoint restore"
    },
    {
      "cve": "CVE-2026-53492",
      "cwe": {
        "id": "CWE-807",
        "name": "Reliance on Untrusted Inputs in a Security Decision"
      },
      "discovery_date": "2026-07-01T19:01:34.238078+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2496130"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. This vulnerability enables a user with permissions to create pods to bypass standard Kubernetes resource allocation and device plugin enforcement. Consequently, an attacker can inject arbitrary CDI edits, such as device nodes and host mounts, into the restored container, potentially leading to unauthorized resource access or privilege escalation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated as Important. In Red Hat OpenShift Container Platform, a user with pod creation permissions could bypass standard Kubernetes resource allocation and device plugin enforcement. This is due to containerd\u0027s Container Runtime Interface (CRI) improperly trusting Container Device Interface (CDI) annotations during container restoration. Exploitation requires CDI to be enabled on the node and a matching host CDI specification for the requested device.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:trivy-main@aarch64",
          "Red Hat Hardened Images:trivy-main@src",
          "Red Hat Hardened Images:trivy-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-53492"
        },
        {
          "category": "external",
          "summary": "RHBZ#2496130",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496130"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-53492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53492"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53492",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53492"
        },
        {
          "category": "external",
          "summary": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc",
          "url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc"
        }
      ],
      "release_date": "2026-07-01T17:59:12.552000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-09T15:24:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:15862"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:trivy-main@aarch64",
            "Red Hat Hardened Images:trivy-main@src",
            "Red Hat Hardened Images:trivy-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration."
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…