Bug 2496128 (CVE-2026-50195)
| Summary: | CVE-2026-50195 github.com/containerd/containerd: containerd: Arbitrary code execution via CRI checkpoint image tag poisoning | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | amctagga, anjoseph, anpicker, aoconnor, aprice, bdettelb, bniver, bparees, cahl, crizzo, dbosanac, derez, dfreiber, dhanak, dkeler, doconnor, drosa, drow, dschmidt, dsimansk, dymurray, eborisov, eglynn, flucifre, gmeno, gparvin, groman, hasun, ibolton, jburrell, jcantril, jfula, jjoyce, jkoehler, jlanda, jmatthew, jmontleo, jowilson, jprabhak, jpretori, jreimann, jsamir, jschluet, kaycoth, kbempah, kingland, kshier, lball, lgamliel, lhh, ljawale, lphiri, manissin, mbenjamin, mburns, mdessi, mgarciac, mhackett, mnovotny, mrizzi, msilmser, ngough, nyancey, oezr, ometelka, pakotvan, pcattana, pgaikwad, ptisnovs, rekumar, rhaigner, rjohnson, rojacob, sakbas, sausingh, sbratsla, sdawley, simaishi, slucidi, solenoci, sostapov, sseago, stcannon, sthirugn, suppawar, syedriko, teagle, thason, vereddy, veshanka, vkumar, vvoronko, whayutin, wtam, xdharmai, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in containerd, an open-source container runtime. The CRI (Container Runtime Interface) checkpoint import process fails to validate image references within a checkpoint image's configuration. An attacker with permissions to create pods can exploit this by using a specially crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag. This action poisons the node's local image cache, leading to other pods unknowingly executing the attacker's malicious image instead of the legitimate one, which can result in arbitrary code execution under the victim pod's identity.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2496534 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-07-01 19:01:46 UTC
|