Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attacker needs only authenticated workflow-run rights (PR:L) over the network with no user interaction; container-to-host escape changes scope (S:C) with full host C/I/A impact.
Primary rating from Vendor (VulnCheck).
Description (source: CVE.org)
Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-opt unchanged. A user who can run a workflow on a Docker-backed runner can create a job container with host namespaces and broad capabilities and escape to the host as root despite privileged mode being disabled.
Analysis (AI)
Container escape in Gitea act_runner (Docker backend, through act 0.262.0) lets an authenticated user with workflow-execution rights break out to the host as root even when privileged mode is disabled. The runner passes a workflow's container.options string straight into the Docker job container's HostConfig and only forces the Privileged flag off, leaving dangerous options like --pid=host, --cap-add, and --security-opt intact. …
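The hardening the description implies, as an added example that is not act_runner's or act's own code: instead of clearing only Privileged and merging the rest of container.options, the parser below refuses host-namespace and privilege-granting options whenever the job is not privileged. The HostOpts type, the deny list, and the use of strings.Fields for tokenising are my assumptions (act uses a shell-style splitter and Docker's full HostConfig).

```go
package main

import (
	"fmt"
	"strings"
)

type HostOpts struct { // subset of Docker HostConfig fields, constructed for this example
	Privileged  bool
	PidMode     string
	CapAdd      []string
	SecurityOpt []string
}

// Options that hand a job container host namespaces or extra privileges (assumed deny list).
var denyWhenUnprivileged = map[string]bool{"--pid": true, "--ipc": true, "--userns": true, "--cap-add": true, "--security-opt": true, "--device": true, "--privileged": true}

// ApplyContainerOptions parses a workflow's container.options string. With privileged false it
// rejects every denied option instead of only clearing Privileged. strings.Fields is a simplification.
func ApplyContainerOptions(options string, privileged bool) (HostOpts, error) {
	h := HostOpts{Privileged: privileged}
	toks := strings.Fields(options)
	for i := 0; i < len(toks); i++ {
		flag, val := toks[i], ""
		if eq := strings.IndexByte(flag, '='); eq >= 0 {
			flag, val = flag[:eq], flag[eq+1:] // --flag=value form
		} else if flag != "--privileged" && i+1 < len(toks) && !strings.HasPrefix(toks[i+1], "-") {
			i++ // --flag value form, e.g. "--security-opt apparmor=unconfined"
			val = toks[i]
		}
		if !privileged && denyWhenUnprivileged[flag] {
			return HostOpts{}, fmt.Errorf("container.options %q is not allowed with privileged: false", flag)
		}
		switch flag {
		case "--pid":
			h.PidMode = val
		case "--cap-add":
			h.CapAdd = append(h.CapAdd, val)
		case "--security-opt":
			h.SecurityOpt = append(h.SecurityOpt, val)
		}
	}
	return h, nil
}

func main() {
	fmt.Println(ApplyContainerOptions("--pid=host --cap-add=SYS_ADMIN --security-opt apparmor=unconfined", false))
}
```

Benign resource options such as `--memory=2g` still pass when privileged is false; only the deny-listed flags fail closed.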
Vulnerability Assessment (AI)
| Topic | Assessment |
|---|---|
| Exploitation | Exploitation requires (1) a Gitea act_runner configured with the Docker backend, (2) the ability to run a workflow on that runner, i.e. an authenticated user with workflow-execution/push rights (PR:L), and (3) that the workflow's container.options field is honored by the runner. … |
| Risk Assessment | Signals are largely consistent and point to a genuine high priority. … |
| Exploit Scenario | A developer with permission to run CI on a Docker-backed Gitea act_runner authors a workflow that sets privileged: false but adds container.options like '--pid=host --cap-add=SYS_ADMIN --security-opt apparmor=unconfined'. The runner clears only the Privileged flag and applies the rest, giving the job container host namespace access and elevated capabilities, from which the attacker escapes to the host and gains root. … |
| Remediation | No vendor-released patched version of act_runner is identified in the provided data, so the exact fix version is not independently confirmed; consult the VulnCheck advisory (https://www.vulncheck.com/advisories/gitea-act-runner-container-hardening-bypass-via-workflow-container-options) for the latest fixed release and upgrade once available. … |
Recommended Action (AI)
Within 24 hours: Restrict workflow-execution permissions to a minimal trusted set of internal developers; disable Docker backend for act_runner if alternative backends exist, or take runners offline until mitigation is in place. …
Weakness: CWE-269 – Improper Privilege Management
Technique: Privilege Escalation
Vendor Status
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| (unstable) | fixed | (unfixed) | - |
Related identifiers: EUVD-2026-39973, GHSA-8qf9-pc52-j7cm