2451576 – (CVE-2026-30892) CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the `--user` option

Bug 2451576 (CVE-2026-30892) - CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the `--user` option

Summary: CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of t...

Keywords:
Status:	NEW
Alias:	CVE-2026-30892
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2452162 2452163
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-26 01:01 UTC by OSIDB Bzimport
Modified:	2026-03-27 08:06 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-26 01:01:49 UTC

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the  `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and  GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.

Note You need to log in before you can comment on or make changes to this bug.