PT-2026-49604 · Undefined · Undefined

Published

2026-06-15

Updated

2026-06-15

CVE-2026-44517

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Podman 5.8.3 closes CVE-2026-44517: an ADD or COPY against a malicious Git repo or tar archive could pull files from outside the build context. The fix ships with Buildah 1.43.2 bundled in. If you build images from untrusted sources, how do you sandbox the build step itself?

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-44517

Affected Products

Undefined

PT-2026-49604 · Undefined · Undefined

CVE-2026-44517

Related Identifiers

Affected Products

References · 1