PT-2026-51056 · Unknown · Kubernetes Containerd

Published 2026-06-19 · Updated 2026-06-22 · CVE-2026-53488

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

containerd versions prior to 2.3.2
containerd versions prior to 2.2.5
containerd versions prior to 2.1.9
containerd versions prior to 2.0.10
containerd versions prior to 1.7.33

Description

A bug in the CRI plugin allows labels from an image config, specifically those set by the LABEL instruction in a Dockerfile, to propagate to a container without proper validation. This can lead to the execution of arbitrary commands on the host system if a plugin that consumes container labels for its operations is used.

Recommendations

Update to version 2.3.2
Update to version 2.2.5
Update to version 2.1.9
Update to version 2.0.10
Update to version 1.7.33
Ensure that only trusted images are used.
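
A version check against the fixed releases listed above, as an added example that is not part of the original advisory or of containerd. It assumes each fixed release applies to its own major.minor release line and that the input is a bare version or the line printed by `containerd --version`; the function names and status strings are hypothetical.

```python
import re

# Fixed patch level per release line, taken from the advisory's list.
# Assumption: each "prior to X" entry applies to X's own major.minor line.
FIXED_PATCH = {(2, 3): 2, (2, 2): 5, (2, 1): 9, (2, 0): 10, (1, 7): 33}

# Matches "v2.1.9", "1.7.32" and pre-releases such as "2.3.2-rc.1".
_VERSION = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)(-(?:rc|beta|alpha)[0-9A-Za-z.]*)?")


def parse_version(text):
    """Return ((major, minor), patch, is_prerelease), or None if no version is found."""
    m = _VERSION.search(text)
    if m is None:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor), patch, m.group(4) is not None


def classify(text):
    """Classify a version string as 'affected', 'fixed', 'unlisted' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    line, patch, prerelease = parsed
    if line in FIXED_PATCH:
        # Numeric comparison: 2.0.9 is older than 2.0.10.
        # A pre-release of the fixed version is treated as not yet fixed.
        fixed = FIXED_PATCH[line]
        if patch > fixed or (patch == fixed and not prerelease):
            return "fixed"
        return "affected"
    if line < min(FIXED_PATCH):
        # Older release lines have no fixed release in the advisory.
        return "affected"
    # Release lines the advisory does not mention: check upstream notes.
    return "unlisted"


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from real hosts.
    samples = [
        "containerd github.com/containerd/containerd/v2 v2.1.8 0123abc",
        "containerd github.com/containerd/containerd v1.7.33 0123abc",
        "v2.0.9",
    ]
    for s in samples:
        print(f"{classify(s):9} {s}")
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm an `affected` result against the vendor's own advisory.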

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2026-53488
GHSA-XHF5-7WJV-PQXP

Affected Products

Kubernetes Containerd