Christophe De Dinechin

**Name of the Vulnerable Software and Affected Versions** Kata Containers versions 1.11.3 and earlier Kata Containers versions 2.x through 2.0-rc1 **Description** An issue was discovered in Kata Containers where the runtime will execute binaries given using annotations without any kind of validation. This allows someone with access rights to a cluster to have kata-runtime execute arbitrary binaries as root on the worker nodes. **Recommendations** For Kata Containers versions 1.11.3 and earlier, update to a version later than 1.11.3 to resolve the issue. For Kata Containers versions 2.x through 2.0-rc1, update to a version later than 2.0-rc1 to resolve the issue. As a temporary workaround, consider restricting access to the kata-runtime to minimize the risk of exploitation.