Skip to main content

Podman

15 CVEs tool

Monthly

CVE-2026-57231 HIGH PATCH This Week

Information disclosure in Podman (1.8.1 through 5.8.3) lets a malicious OCI container image leak host environment variables into the container by embedding an image env entry with a key but no value; an asterisk (*) entry causes Podman to forward ALL host session variables. Because the launching session frequently holds secrets (registry credentials, API tokens, proxy auth), a crafted image run by a victim can harvest them. No public exploit is identified beyond the proof-of-concept test shipped with the fix, and it is not listed in CISA KEV.

Information Disclosure Podman
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-24835 HIGH POC PATCH This Week

Podman Desktop versions prior to 1.25.1 contain an authentication bypass in the extension permission framework where the `isAccessAllowed()` function always returns true, allowing malicious extensions to hijack authentication sessions and access sensitive resources without authorization. Public exploit code exists for this vulnerability, affecting all current deployments of the affected product. Administrators should upgrade to version 1.25.1 or later immediately.

Kubernetes Authentication Bypass Podman Desktop Red Hat Podman
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-3056 Go HIGH This Week

A flaw was found in Podman. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Podman Openshift Container Platform Enterprise Linux Fedora
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2023-0778 Go MEDIUM PATCH This Month

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Podman Enterprise Linux
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2022-4123 Go LOW Monitor

A flaw was found in Buildah. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Podman Fedora
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-4122 Go MEDIUM PATCH This Month

A vulnerability was found in buildah. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Podman Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-2989 Go HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Podman Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-2739 MEDIUM This Month

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Red Hat Enterprise Linux Server Enterprise Linux Workstation Podman
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-2738 HIGH This Week

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Red Hat RCE Use After Free Enterprise Linux Server +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-1227 Go HIGH POC PATCH This Week

A privilege escalation flaw was found in Podman. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Information Disclosure Podman Psgo +14
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2022-27649 Go HIGH PATCH This Week

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Podman Developer Tools Openshift Container Platform +11
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-4024 Go MEDIUM PATCH This Month

A flaw was found in podman. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Podman Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20188 Go HIGH PATCH This Week

A flaw was found in podman before 1.7.0. Rated high severity (CVSS 7.0). This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Podman Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2021-20199 Go MEDIUM POC PATCH This Month

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Podman
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2020-14370 Go MEDIUM PATCH This Month

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Docker Information Disclosure Podman Openshift Container Platform Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
1.4%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in Podman (1.8.1 through 5.8.3) lets a malicious OCI container image leak host environment variables into the container by embedding an image env entry with a key but no value; an asterisk (*) entry causes Podman to forward ALL host session variables. Because the launching session frequently holds secrets (registry credentials, API tokens, proxy auth), a crafted image run by a victim can harvest them. No public exploit is identified beyond the proof-of-concept test shipped with the fix, and it is not listed in CISA KEV.

Information Disclosure Podman
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Podman Desktop versions prior to 1.25.1 contain an authentication bypass in the extension permission framework where the `isAccessAllowed()` function always returns true, allowing malicious extensions to hijack authentication sessions and access sensitive resources without authorization. Public exploit code exists for this vulnerability, affecting all current deployments of the affected product. Administrators should upgrade to version 1.25.1 or later immediately.

Kubernetes Authentication Bypass Podman Desktop +2
NVD GitHub
EPSS 1% CVSS 7.7
HIGH This Week

A flaw was found in Podman. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Podman Openshift Container Platform +2
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Podman Enterprise Linux
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A flaw was found in Buildah. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Podman Fedora
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability was found in buildah. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Podman Fedora
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Podman Openshift Container Platform +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Red Hat Enterprise Linux Server +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Red Hat RCE +4
NVD
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

A privilege escalation flaw was found in Podman. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Information Disclosure +16
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Podman +13
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in podman. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Podman Fedora +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A flaw was found in podman before 1.7.0. Rated high severity (CVSS 7.0). This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Podman Openshift Container Platform +1
NVD
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Podman
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Docker Information Disclosure Podman +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy