PT-2026-35062 · Unknown · Kata Containers
Fidencio · Published 2026-04-24 · Updated 2026-05-15 · CVE-2026-41326
CVSS v4.0: 8.2 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Kata Containers versions 3.4.0 through 3.28.0
Description
An oversight in the CopyFile policy and potentially the CopyFile handler allows untrusted hosts to write to arbitrary locations within the guest workload image. This flaw can be exploited to overwrite binaries inside the guest and exfiltrate data from containers, including those running inside Cloud Virtual Machines (CVMs).
Recommendations
Update to version 3.29.0.
Affected Products
Kata Containers