How to fix CVE-2026-24835?

Within 24 hours: Identify all systems running Podman Desktop and document current versions in use. Within 7 days: Deploy Podman Desktop version 1.25.1 or later across all affected systems and verify successful installation. Within 30 days: Audit extension usage across the organization, remove unauthorized or untrusted extensions, and implement a code review process for any custom extensions before deployment.

Is Kubernetes affected by CVE-2026-24835?

Podman Desktop versions prior to 1.25.1 contain an authentication bypass vulnerability that allows malicious extensions to gain unauthorized access to all stored authentication credentials and sessions.

CVE-2026-24835

HIGH

2026-01-28 [email protected]

7.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Mar 02, 2026 - 18:27 vuln.today

Public exploit code

Patch Released

Mar 02, 2026 - 18:27 nvd

Patch available

CVE Published

Jan 28, 2026 - 21:16 nvd

HIGH 7.1

Description

Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The `isAccessAllowed()` function unconditionally returns `true`, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop. Version 1.25.1 contains a patch for the issue.

Analysis

Podman Desktop versions prior to 1.25.1 contain an authentication bypass in the extension permission framework where the `isAccessAllowed()` function always returns true, allowing malicious extensions to hijack authentication sessions and access sensitive resources without authorization. Public exploit code exists for this vulnerability, affecting all current deployments of the affected product. …

Remediation

Within 24 hours: Identify all systems running Podman Desktop and document current versions in use. Within 7 days: Deploy Podman Desktop version 1.25.1 or later across all affected systems and verify successful installation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +36

POC: +20

Vendor Status

CVE-2026-24835 vulnerability details – vuln.today

Back

CVE-2026-24835

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Share

CVE-2026-24835

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Share

External POC / Exploit Code