RHSA-2026:35111
Vulnerability from csaf_redhat - Published: 2026-07-02 23:34 - Updated: 2026-07-03 04:24A flaw was found in containerd, an open-source container runtime. Containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. This vulnerability allows a crafted container image to bypass the Kubernetes `runAsNonRoot` restriction, potentially leading to privilege escalation where the container runs as the root user (UID 0). This can cause unexpected behavior in environments designed to enforce non-root user execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:trivy-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd process to terminate. This results in a Denial of Service (DoS) condition, making the container runtime API unavailable and disrupting clients like Docker Engine or Kubernetes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:trivy-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:trivy-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ntrivy:\n * trivy-0.72.0-0.1.hum1 (aarch64, x86_64)\n * trivy-0.72.0-0.1.hum1.src (src)\n\nSecurity Fix(es):\n\ntrivy:\n * CVE-2026-46680\n * CVE-2026-47262\n * CVE-2026-53488",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35111",
"url": "https://access.redhat.com/errata/RHSA-2026:35111"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46680",
"url": "https://access.redhat.com/security/cve/CVE-2026-46680"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47262",
"url": "https://access.redhat.com/security/cve/CVE-2026-47262"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53488",
"url": "https://access.redhat.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35111.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update",
"tracking": {
"current_release_date": "2026-07-03T04:24:04+00:00",
"generator": {
"date": "2026-07-03T04:24:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:35111",
"initial_release_date": "2026-07-02T23:34:03+00:00",
"revision_history": [
{
"date": "2026-07-02T23:34:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-02T23:35:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T04:24:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-main@aarch64",
"product": {
"name": "trivy-main@aarch64",
"product_id": "trivy-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/trivy@0.72.0-0.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-main@src",
"product": {
"name": "trivy-main@src",
"product_id": "trivy-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/trivy@0.72.0-0.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-main@x86_64",
"product": {
"name": "trivy-main@x86_64",
"product_id": "trivy-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/trivy@0.72.0-0.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:trivy-main@aarch64"
},
"product_reference": "trivy-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:trivy-main@src"
},
"product_reference": "trivy-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:trivy-main@x86_64"
},
"product_reference": "trivy-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-46680",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2026-07-01T18:02:18.277866+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2496104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. Containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. This vulnerability allows a crafted container image to bypass the Kubernetes `runAsNonRoot` restriction, potentially leading to privilege escalation where the container runs as the root user (UID 0). This can cause unexpected behavior in environments designed to enforce non-root user execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Privilege escalation via incorrect user ID handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Container Platform and its layered products include the containerd Go library as a build-time dependency for various components. These products do not use containerd as a container runtime; CRI-O is used instead. The vulnerable code path responsible for parsing User directives during container runtime spec generation is not exercised. Therefore, although the containerd library is present in shipped binaries, the vulnerability is not exploitable in the context of Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46680"
},
{
"category": "external",
"summary": "RHBZ#2496104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46680"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w"
}
],
"release_date": "2026-07-01T17:40:25.499000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T23:34:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35111"
},
{
"category": "workaround",
"details": "Enforce a specific numeric runAsUser in the Kubernetes Pod securityContext, which overrides the User directive in the container image and prevents the bypass. Additionally, restrict access to push container images to trusted users only, and validate image provenance before deployment.",
"product_ids": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd: Privilege escalation via incorrect user ID handling"
},
{
"cve": "CVE-2026-47262",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-07-01T19:01:12.673142+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2496126"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd process to terminate. This results in a Denial of Service (DoS) condition, making the container runtime API unavailable and disrupting clients like Docker Engine or Kubernetes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat\u0027s container platform uses CRI-O as its container runtime interface, not containerd. While containerd libraries are bundled in some images for OCI image operations (e.g., estargz support via skopeo), the containerd daemon and its CRI plugin (where the vulnerable group-parsing code path exists) are not executed. Therefore, this vulnerability is not exploitable in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47262"
},
{
"category": "external",
"summary": "RHBZ#2496126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496126"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47262",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47262"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47262",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47262"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq"
}
],
"release_date": "2026-07-01T17:48:43.205000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T23:34:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35111"
},
{
"category": "workaround",
"details": "No mitigation is needed for Red Hat products. The vulnerable code path in containerd\u0027s CRI plugin group-parsing logic is not executed because Red Hat uses CRI-O as the container runtime. Products that bundle containerd as a library dependency for OCI image operations are not affected.",
"product_ids": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing"
},
{
"cve": "CVE-2026-53488",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-07-01T02:01:09.589815+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2495815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in containerd where the CRI plugin propagates labels from an image configuration (LABEL instruction in a Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host via a plugin that consumes container labels for operations, such as the restart-monitor binary:// logger. An attacker who can cause a crafted container image to be pulled and run can achieve host-level code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "RHBZ#2495815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp"
}
],
"release_date": "2026-07-01T00:11:20.610000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T23:34:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35111"
},
{
"category": "workaround",
"details": "Restrict container image pulls to trusted registries using admission policies or image signature verification. Where containerd is used as the container runtime, disable or restrict the binary:// logger URI scheme in the containerd configuration to prevent the label-to-logger attack path.",
"product_ids": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.