
containerd EUVD-2026-40860

CVE-2026-53488 · CRITICAL
Improper Input Validation (CWE-20)
9.4 · CVSS 4.0 · Vendor

Severity by source

Vendor (CNA), primary: 9.4 CRITICAL
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 7.8 HIGH
AV:L because a malicious image must run on the host; AC:H and PR:L because a label-consuming plugin must be configured and the attacker needs workload-deployment ability; S:C for container-to-host escape with full impact.
CVSS 3.1: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0: AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

SUSE: 8.8 HIGH
CVSS 3.1: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (CNA).

CVSS Vector (Vendor)

Base metrics of the vendor CVSS 4.0 vector (full vector listed under Severity by source):
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline (6 events)

Jul 01, 2026 02:28  vuln.today  Source Code Evidence Fetched
Jul 01, 2026 02:28  vuln.today  Analysis Updated, v3 (cvss_changed)
Jul 01, 2026 02:28  vuln.today  Analysis Updated, v2 (cvss_changed)
Jul 01, 2026 02:22  vuln.today  Re-analysis Queued (cvss_changed)
Jul 01, 2026 02:22  NVD         CVSS changed: 9.4 (CRITICAL)
Jun 19, 2026 02:19  vuln.today  Analysis Generated

Description (pre-NVD)

Disclosed via oss-security. NVD scoring and full description are pending.

Analysis (AI)

Host command execution in containerd's CRI plugin arises because labels from an image config (Dockerfile LABEL instruction) are propagated to the created container without validation; when a downstream plugin consumes those labels for operations (notably the restart-monitor's binary:// logger path), an attacker-controlled label value becomes an arbitrary command executed with host-root privileges. Affected releases are all containerd versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5, and 2.3.2, meaning any environment that pulls and runs an untrusted image on a node using a label-consuming plugin is exposed to full container-to-host escape. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Craft image with malicious LABEL (binary:// payload)
Delivery: Get image pulled/run on target node
Exploit: CRI plugin propagates label unvalidated to container
Execution: restart-monitor consumes label as binary:// logger
Persist: Execute arbitrary command as host root
Impact: Compromise node / escape container

Vulnerability Assessment (AI)

Exploitation
Exploitation requires two concrete prerequisites: (1) a malicious container image must be pulled and run on the affected node - its OCI image config must carry a crafted LABEL value (set via the Dockerfile LABEL instruction); and (2) the node's containerd CRI setup must include a plugin that consumes container labels for operations, specifically the restart-monitor path that maps a label to a binary:// logger URI which is executed. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment
The vendor CVSS 4.0 score is 9.4 (critical) with vector AV:L/AC:L/AT:N/PR:N/UI:N and full high impact to both the vulnerable system (VC/VI/VA:H) and subsequent systems (SC/SI/SA:H), reflecting a container-to-host escape. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario
An attacker publishes (or convinces a victim to pull) a container image whose Dockerfile contains a crafted LABEL whose value encodes a binary:// command; when the image is run on a node whose CRI restart-monitor plugin consumes that label, containerd executes the attacker's command as host root, escaping the container. In a multi-tenant Kubernetes cluster, a tenant permitted to schedule pods with arbitrary image references could weaponize this to compromise the node. …

Remediation
Vendor-released patches exist - upgrade containerd to the fixed release for your branch: 1.7.33, 2.0.10, 2.1.9, 2.2.5, or 2.3.2 (per GHSA-xhf5-7wjv-pqxp, https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp). … Detailed patch versions, workarounds, and compensating controls in full report.
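A pre-admission check for the artifact the assessment describes, added here as an example (it is not containerd's code and not part of the advisory): it parses an OCI image config and flags any label whose value is a URI with the binary scheme, which is what the restart-monitor path dispatches on. The page does not name the label the plugin reads, so every label is checked; the two sample configs are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// ociConfig is the subset of an OCI image config that matters here: the
// config.Labels map that containerd copies onto the created container.
type ociConfig struct {
	Config struct {
		Labels map[string]string `json:"Labels"`
	} `json:"config"`
}

// Finding is one label whose value is a binary:// logger URI.
type Finding struct {
	Key, Value string
}

// ScanImageConfig returns every label whose value parses as a URI with the
// "binary" scheme. Every label is checked because the advisory text does not
// name the one the restart-monitor reads (assumption). net/url lowercases the
// scheme, so "Binary://" is caught as well.
func ScanImageConfig(raw []byte) ([]Finding, error) {
	var cfg ociConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parse image config: %w", err)
	}
	var found []Finding
	for k, v := range cfg.Config.Labels {
		u, err := url.Parse(strings.TrimSpace(v))
		if err == nil && u.Scheme == "binary" {
			found = append(found, Finding{Key: k, Value: v})
		}
	}
	return found, nil
}

// Constructed sample configs (not taken from the page or from a real image).
const (
	BenignConfig  = `{"config":{"Labels":{"maintainer":"team@example.invalid"}}}`
	SuspectConfig = `{"config":{"Labels":{"maintainer":"x","example.loguri":"Binary:///placeholder/logger"}}}`
)

func main() {
	findings, err := ScanImageConfig([]byte(SuspectConfig))
	fmt.Printf("suspicious labels: %d (err=%v)\n", len(findings), err)
}
```

In an admission webhook or registry scanner, a non-empty result is the signal to reject or quarantine the image before a node with a label-consuming plugin ever runs it.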

Recommended Action (AI)

Within 24 hours: Inventory all containerd deployments; identify versions in use and which nodes have label-consuming plugins enabled (particularly restart-monitor). …
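A version-triage helper for the inventory step above, added here as an example (not from the advisory or from containerd): it classifies a containerd version string, such as the output of `containerd --version`, against the fixed releases listed on this page (1.7.33, 2.0.10, 2.1.9, 2.2.5, 2.3.2). Branches newer than 2.3 are reported as unknown; that is an assumption, since the page does not cover them.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// fixedPatch maps a containerd release branch (major, minor) to the first
// patch release carrying the fix, per the advisory's fixed versions.
var fixedPatch = map[[2]int]int{
	{1, 7}: 33, {2, 0}: 10, {2, 1}: 9, {2, 2}: 5, {2, 3}: 2,
}

// verRe picks the first major.minor.patch triple out of a version string,
// e.g. "containerd containerd.io v1.7.32 <commit>".
var verRe = regexp.MustCompile(`v?(\d+)\.(\d+)\.(\d+)`)

// Status returns "fixed", "vulnerable" or "unknown" for a version string.
// Patch numbers are compared numerically, so 2.0.10 sorts after 2.0.9
// (a plain string comparison would get this wrong).
func Status(version string) string {
	m := verRe.FindStringSubmatch(version)
	if m == nil {
		return "unknown"
	}
	major, _ := strconv.Atoi(m[1])
	minor, _ := strconv.Atoi(m[2])
	patch, _ := strconv.Atoi(m[3])
	if fp, ok := fixedPatch[[2]int{major, minor}]; ok {
		if patch >= fp {
			return "fixed"
		}
		return "vulnerable"
	}
	// Branches older than 1.7 predate every fixed release ("all versions
	// prior to 1.7.33"), so they are treated as vulnerable.
	if major < 1 || (major == 1 && minor < 7) {
		return "vulnerable"
	}
	// Branches newer than 2.3 are not in the advisory's fixed list
	// (assumption: report them as unknown rather than guessing).
	return "unknown"
}

func main() {
	// Constructed sample strings in the shape of `containerd --version` output.
	for _, v := range []string{"containerd containerd.io v1.7.32 abc1234", "v2.0.10", "v2.4.0"} {
		fmt.Println(v, "->", Status(v))
	}
}
```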


Vendor Status

SUSE (severity: Important)

Product                            Status
SUSE Package Hub 15 SP7            Fixed
openSUSE Tumbleweed                Fixed
SLES15-SP5-CHOST-BYOS-SAP-CCloud   Affected
SLES15-SP6-CHOST-BYOS              Affected
SLES15-SP6-CHOST-BYOS-Aliyun       Affected
