HIGH🇵🇱 Wersja polska

CVE-2026-41326

CVSS 8.2v4.0pub. 2026-04-24upd. 2026-06-30

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy (and perhaps the CopyFile handler) allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. This vulnerability is fixed in v3.29.0.

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Katacontainers Confidential Containers

    APP
    Katacontainers
    0.9.0 – 0.20.0 (bez)
  • Katacontainers Kata Containers

    APP
    Katacontainers
    3.4.0 – 3.29.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Container
CWE
References

Related vulnerabilities

CVE-2026-24834CRITICAL9.3PL ✓ten sam produkt

Kata Containers: modyfikacja systemu plików VM umożliwia RCE jako root

CVE-2026-24054HIGH8.8ten sam produkt

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machine...

CVE-2020-27151HIGH8.8ten sam produkt

An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute bi...

CVE-2020-28914HIGH7.1ten sam vendor

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes ho...

CVE-2020-2026HIGH7.8ten sam vendor

A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running mul...