CVE-2026-20613
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0.
Analysis
Path traversal in the ArchiveReader.extractContents() function used by container image load operations allows local attackers to write arbitrary files to any user-writable location on the system by crafting malicious archives with relative pathnames. Public exploit code exists for this vulnerability, and affected users cannot currently patch as fixes are only available in container 0.8.0 and containerization 0.21.0. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Disable or restrict access to cctl image load and container image load functions until mitigation is in place; audit recent image loads for suspicious activity. Within 7 days: Implement network segmentation to isolate container image loading operations; require image validation through alternative trusted sources. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today