PT-2026-46880 · Go · Github.Com/Sylabs/Singularity+1
Published
2026-06-04
·
Updated
2026-06-04
·
CVE-2026-47215
CVSS v3.1
4.8
Medium
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
Impact
The
limit container paths directive in singularity.conf is intended to allow a system administrator limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed.For example, the configuration:
limit container paths = /data/safeWill also allow containers in
/data/safe-but-unsafe to be run.Patches
This issue is patched in SingularityCE 4.4.2 and SingularityPRO 4.3.9 / 4.1.14
Workarounds
If you do not use the
limit container paths functionality, then this issue does not affect your installation.If you do use the
limit container paths functionality then you must update. Please also review the documented limitations when user namespaces are enabled [1].Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Github.Com/Sylabs/Singularity
Github.Com/Sylabs/Singularity/V4