HIGH🇵🇱 Wersja polska

CVE-2026-24054

CVSS 8.8v4.0pub. 2026-01-29upd. 2026-02-24

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter directory for the container rootfs. When the Kata runtime attempts to mount the container rootfs, the bind mount causes the rootfs to be detected as a block device, leading to the underlying device being hotplugged to the guest. This can cause filesystem-level errors on the host due to double inode allocation, and may lead to the host's block device being mounted as read-only. Version 3.26.0 contains a patch for the issue.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Katacontainers Kata Containers

    APP
    Katacontainers
    < 3.26.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Container
CWE
References

Related vulnerabilities

CVE-2026-24834CRITICAL9.3PL ✓ten sam produkt

Kata Containers: modyfikacja systemu plików VM umożliwia RCE jako root

CVE-2026-41326HIGH8.2ten sam produkt

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machine...

CVE-2020-27151HIGH8.8ten sam produkt

An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute bi...

CVE-2020-28914HIGH7.1ten sam vendor

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes ho...

CVE-2020-2026HIGH7.8ten sam vendor

A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running mul...