PT-2026-51057 · Unknown · Kubernetes Containerd
Published: 2026-06-19 · Updated: 2026-06-22
CVE-2026-53489
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
containerd versions prior to 2.1.9
containerd versions prior to 2.2.5
containerd versions prior to 2.3.2
Description
A bug in the CRI plugin allows the restoration of container.log from a checkpoint image without validating a symlinked path. This can lead to an arbitrary file read on the host system when using kubectl logs.
Recommendations
Update to version 2.1.9.
Update to version 2.2.5.
Update to version 2.3.2.
Ensure that only trusted images and checkpoints are used.
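As a node-side check to go with the recommendations above, the following added example (not containerd's code and not its fix) walks a log directory without following links and reports any entry that is a symlink, along with where it resolves. The default root /var/log/pods and the expectation that entries there are regular files on containerd nodes are assumptions; the names AuditLogDir and Finding are hypothetical.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Finding is a symlink found where a regular log file was expected.
type Finding struct {
	Path   string // symlink located under the log root
	Target string // resolved destination, "" if it cannot be resolved
}

// AuditLogDir walks root without following links and reports every symlink.
func AuditLogDir(root string) ([]Finding, error) {
	var found []Finding
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.Type()&fs.ModeSymlink == 0 {
			return nil // regular file or directory: nothing to report
		}
		target, rerr := filepath.EvalSymlinks(p)
		if rerr != nil {
			target = "" // dangling or unreadable link is still reported
		}
		found = append(found, Finding{Path: p, Target: target})
		return nil
	})
	return found, err
}

func main() {
	root := "/var/log/pods" // assumption: default kubelet pod log directory
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	findings, err := AuditLogDir(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, "audit failed:", err)
		os.Exit(1)
	}
	for _, f := range findings {
		fmt.Printf("symlinked log entry: %s -> %s\n", f.Path, f.Target)
	}
}
```

Pass a different directory as the first argument if the node uses a non-default log location.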
Affected Products
Kubernetes Containerd