Bug 2496126 (CVE-2026-47262) - CVE-2026-47262 github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing
Summary: CVE-2026-47262 github.com/containerd/containerd: containerd: Denial of Servic...
Keywords:
Status: NEW
Alias: CVE-2026-47262
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2496426 2496427 2496428 2496429 2496430 2496431 2496432 2496434 2496435 2496436 2496437 2496438 2496439 2496440 2496441 2496442 2496443 2496444 2496445 2496446 2496447 2496448 2496449 2496450 2496452 2496453 2496454 2496455 2496456 2496457 2496458 2496459 2496460 2496461 2496462 2496463 2496433 2496451
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-01 19:01 UTC by OSIDB Bzimport
Modified: 2026-07-02 12:08 UTC (History)
98 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-01 19:01:35 UTC
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.


Note You need to log in before you can comment on or make changes to this bug.