
Gitea act_runner EUVD-2026-39973
CVE-2026-58053 CRITICAL
Improper Privilege Management (CWE-269)
2026-06-28 VulnCheck GHSA-8qf9-pc52-j7cm
9.4 CVSS 4.0 · Vendor: VulnCheck

Severity by source

Vendor (VulnCheck), primary: 9.4 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI: 9.9 CRITICAL

Attacker needs only authenticated workflow-run rights (PR:L) over the network with no user interaction; container-to-host escape changes scope (S:C) with full host C/I/A impact.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated
Jun 28, 2026 - 02:30 vuln.today
CVSS changed
Jun 28, 2026 - 02:22 NVD
9.9 (CRITICAL) → 9.4 (CRITICAL)
CVE Published
Jun 28, 2026 - 01:32 cve.org
CRITICAL 9.4

Description (CVE.org)

Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-opt unchanged. A user who can run a workflow on a Docker-backed runner can create a job container with host namespaces and broad capabilities and escape to the host as root despite privileged mode being disabled.

Analysis (AI)

Container escape in Gitea act_runner (Docker backend, through act 0.262.0) lets an authenticated user with workflow-execution rights break out to the host as root even when privileged mode is disabled. The runner passes a workflow's container.options string straight into the Docker job container's HostConfig and only forces the Privileged flag off, leaving dangerous options like --pid=host, --cap-add, and --security-opt intact. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Authenticate with workflow-run rights
Delivery: Craft workflow with privileged: false plus container.options host flags
Exploit: Runner merges --pid=host/--cap-add/--security-opt into HostConfig
Execution: Job container starts with host namespaces and broad capabilities
Persist: Escape container to host as root
Impact: Full host compromise

Vulnerability Assessment (AI)

Exploitation: Exploitation requires (1) a Gitea act_runner configured with the Docker backend, (2) the ability to run a workflow on that runner, i.e. an authenticated user with workflow-execution/push rights (PR:L), and (3) that the workflow's container.options field is honored by the runner. …
Risk Assessment: Signals are largely consistent and point to a genuine high priority. …
Exploit Scenario: A developer with permission to run CI on a Docker-backed Gitea act_runner authors a workflow that sets privileged: false but adds container.options such as '--pid=host --cap-add=SYS_ADMIN --security-opt apparmor=unconfined'. The runner clears only the Privileged flag and applies the rest, giving the job container host namespace access and elevated capabilities, from which the attacker escapes to the host and gains root. …
Remediation: No vendor-released patched version of act_runner is identified in the provided data, so the exact fix version is not independently confirmed; consult the VulnCheck advisory (https://www.vulncheck.com/advisories/gitea-act-runner-container-hardening-bypass-via-workflow-container-options) for the latest fixed release and upgrade once available. …
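The flaw in the description and exploit scenario above is that the runner forces only Privileged off and merges every other container.options flag into HostConfig unchanged. The following is an added Go example, not act_runner's or act's own code, of the allow-list gate a hardened runner would apply instead: it audits a container.options string for host-namespace and capability flags and refuses the job when privileged: false. It goes beyond the three flags the advisory names (--pid, --cap-add, --security-opt) by also blocking --privileged, --ipc, --userns, --cgroupns and --device, which is my assumption about a sensible policy; the tokeniser is a deliberate simplification.

```go
package main

import (
	"fmt"
	"strings"
)

// Docker CLI options a privileged: false job must never reach HostConfig.
// --pid, --cap-add and --security-opt are the advisory's; the rest are my own
// additions (assumption: the policy also blocks other host-namespace and
// device flags). The bool says whether the flag takes a value ("--pid host").
var disallowed = map[string]bool{
	"--privileged": false, "--pid": true, "--cap-add": true, "--security-opt": true,
	"--ipc": true, "--userns": true, "--cgroupns": true, "--device": true,
}
// AuditContainerOptions returns every disallowed option in a workflow's
// container.options string as "--flag=value". Tokenising is simplified (fields,
// quotes trimmed); a real check must tokenise exactly as the runner does.
func AuditContainerOptions(options string) []string {
	toks := strings.Fields(options)
	var findings []string
	for i := 0; i < len(toks); i++ {
		name, val, hasEq := strings.Cut(strings.Trim(toks[i], `"'`), "=")
		takesValue, bad := disallowed[name]
		if !bad {
			continue
		}
		// "--pid host" form: the value is the next token unless it is another flag.
		if takesValue && !hasEq && i+1 < len(toks) && !strings.HasPrefix(toks[i+1], "-") {
			i++
			val = strings.Trim(toks[i], `"'`)
		}
		if val != "" {
			name += "=" + val
		}
		findings = append(findings, name)
	}
	return findings
}

// RejectUnlessSafe is the gate a hardened runner applies before building the
// HostConfig for a privileged: false job: refuse the job outright instead of
// clearing only the Privileged flag and merging everything else unchanged.
func RejectUnlessSafe(options string) error {
	if f := AuditContainerOptions(options); len(f) > 0 {
		return fmt.Errorf("container.options refused for non-privileged job: %s", strings.Join(f, " "))
	}
	return nil
}
```

The same audit can run server-side over workflow files in a pre-receive hook or a scheduled repository scan, so that a workflow carrying these flags is flagged before any runner ever picks it up.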

Recommended Action (AI)

Within 24 hours: Restrict workflow-execution permissions to a minimal trusted set of internal developers; disable Docker backend for act_runner if alternative backends exist, or take runners offline until mitigation is in place. …



Vendor Status

Debian, package gitea:

Release     Status   Fixed Version   Urgency
(unstable)  fixed    (unfixed)       -
