PT-2026-28151 · Crun+2 · Crun+2

Published: 2026-03-25 · Updated: 2026-05-19 · CVE-2026-30892

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

crun versions 1.19 through 1.26

Description

crun, an open source OCI Container Runtime written in C, has an issue where the crun exec option -u (--user) is incorrectly parsed. Specifically, a value of 1 is misinterpreted as UID 0 and GID 0 instead of UID 1 and GID 0, leading to processes running with elevated privileges.

Recommendations

Update to version 1.27 or later.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

ALSA-2026:19020
ALSA-2026:19178
ALSA-2026:6621
ALSA-2026:6622
BDU:2026-07259
CVE-2026-30892
GHSA-4VG2-XJQJ-7CHJ
OPENSUSE-SU-2026:10524-1
RHSA-2026:6621
RHSA-2026:6622

Affected Products

Red Os
Rocky Linux
Crun