PT-2026-4532 · Amazon · Firecracker
Published: 2026-01-23 · Updated: 2026-02-18
CVE-2026-1386
CVSS v4.0: 6.0 (Medium)
Vector: AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Firecracker versions prior to 1.13.2 and version 1.14.0
Description
A flaw exists in the jailer component of Firecracker that could allow a local host user with write access to pre-created jailer directories to overwrite arbitrary host files. This is possible through a symlink attack during jailer startup initialization if the jailer is run with root privileges.
Recommendations
Upgrade to version 1.13.2 or later.
Upgrade to version 1.14.1 or later.
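A host-side check for the preconditions named in the description, added here as an example and not taken from the advisory or the Firecracker project: it walks a pre-created jail directory and reports symlinks and entries owned or writable by anyone outside a trusted UID set. The function names, the demo tree and the link target are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_jail_tree(root, trusted_uids=(0,)):
    """Return sorted (path, reason) findings for entries under `root`."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat inspects the link itself, never its target
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink -> " + os.readlink(path)))
            return
        if st.st_uid not in trusted_uids:
            findings.append((path, "owned by untrusted uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group/world writable"))

    check(root)
    # followlinks=False: symlinked directories are reported but never descended into
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


def build_demo_tree():
    """Constructed sample tree: one planted symlink, one loosely-permissioned dir."""
    base = tempfile.mkdtemp(prefix="jail-audit-")
    root = os.path.join(base, "root")
    os.mkdir(root, 0o700)
    dev = os.path.join(root, "dev")
    os.mkdir(dev, 0o700)
    os.symlink("/nonexistent/host-file", os.path.join(dev, "placeholder"))
    shared = os.path.join(root, "shared")
    os.mkdir(shared)
    os.chmod(shared, 0o777)  # explicit chmod so the umask cannot mask the bits
    return base


if __name__ == "__main__":
    demo = build_demo_tree()
    # The demo tree belongs to the current user, so that uid is trusted here;
    # for a jailer run as root the default trusted_uids=(0,) applies.
    for path, reason in audit_jail_tree(demo, trusted_uids=(os.getuid(),)):
        print(path, "->", reason)
```

A clean result describes the tree only at scan time, so it complements the upgrade above and does not replace it.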
Affected Products
Firecracker