PT-2026-42534 · Kata Containers · Runtime-Rs
Published
2026-05-21
·
Updated
2026-05-28
·
CVE-2026-47243
CVSS v4.0
8.4
High
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P |
Name of the Vulnerable Software and Affected Versions
Kata Containers runtime-rs versions prior to 3.31.0
Description
A symlink escape exists when
virtiofsd is run as root with the flags --sandbox none and --seccomp none. A raw FUSE SYMLINK request allows a guest root user to create symlinks owned by the host root in sensitive host paths. FUSE (Filesystem in Userspace) is a mechanism that allows non-privileged users to create their own file systems without editing kernel code.Recommendations
Update to version 3.31.0.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Runtime-Rs