Skip to main content

Confidential Compute Attestation

1 CVEs product

Monthly

CVE-2026-15809 HIGH This Week

Privilege escalation in CRI-O (the OCI container runtime used by Red Hat OpenShift Container Platform 4 and many Kubernetes clusters) lets an attacker who can set container environment variables inject a newline into the HOME variable and append arbitrary lines to /etc/passwd, enabling creation of a rootful or otherwise privileged account inside the container. It is a bypass of the incomplete fix for CVE-2022-4318, whose HOME sanitization was insufficient. No public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Confidential Compute Attestation Red Hat Openshift Container Platform 4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH This Week

Privilege escalation in CRI-O (the OCI container runtime used by Red Hat OpenShift Container Platform 4 and many Kubernetes clusters) lets an attacker who can set container environment variables inject a newline into the HOME variable and append arbitrary lines to /etc/passwd, enabling creation of a rootful or otherwise privileged account inside the container. It is a bypass of the incomplete fix for CVE-2022-4318, whose HOME sanitization was insufficient. No public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Confidential Compute Attestation Red Hat Openshift Container Platform 4
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy