PT-2026-51058 · Unknown · Kubernetes Containerd
Published: 2026-06-19 · Updated: 2026-06-22
CVE-2026-53492
CVSS v4.0: 8.4 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions
containerd versions prior to 2.1.9
containerd versions prior to 2.2.5
containerd versions prior to 2.3.2
Description
The CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. Instead of relying solely on the pod's create-time specification, the system preserves CDI-related annotations from the checkpoint archive. This allows a user with pod creation permissions to bypass Kubernetes resource allocation and device plugin enforcement by injecting arbitrary CDI edits, such as device nodes and host mounts, into the restored container. This issue requires CDI to be enabled on the node and the presence of a matching host CDI specification for the requested device.
Recommendations
Update to version 2.1.9.
Update to version 2.2.5.
Update to version 2.3.2.
Restrict the restoration of containers from untrusted checkpoint images.
Remove or temporarily relocate host CDI specifications from the /etc/cdi and /var/run/cdi directories if CDI capabilities are not utilized on the node.
Fix
Incorrect Authorization
RCE
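An added example (not from the advisory or the containerd project) that applies the recommendations above to one node: it compares a containerd version with the fixed releases listed here and checks the two CDI directories for spec files. The function names, the verdict strings, the `.json`/`.yaml` filter and the handling of releases outside the 2.1 to 2.3 branches are assumptions.

```shell
#!/bin/sh
# Added example: node triage for CVE-2026-53492 (not containerd project code).

# ver_lt A B: succeeds when dotted version A sorts strictly before B.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" |
            sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# is_affected X.Y.Z: succeeds when the version predates the fix for its branch
# (2.1.9, 2.2.5, 2.3.2 per the advisory). Assumption: anything older than the
# 2.1 branch counts as affected, anything newer than 2.3 as fixed.
is_affected() {
    v=${1#v}
    case "$v" in
        2.1.*) ver_lt "$v" 2.1.9 ;;
        2.2.*) ver_lt "$v" 2.2.5 ;;
        2.3.*) ver_lt "$v" 2.3.2 ;;
        *)     ver_lt "$v" 2.1.9 ;;
    esac
}

# list_cdi_specs DIR...: print CDI spec files found directly in each directory.
# Assumption: specs are the *.json and *.yaml files; missing dirs are skipped.
list_cdi_specs() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -maxdepth 1 -type f \( -name '*.json' -o -name '*.yaml' \)
    done
}

# triage VERSION DIR...: one-word verdict. "exposed" means an affected version
# with host CDI specs present; whether CDI is enabled is not checked here.
triage() {
    ver=$1; shift
    if ! is_affected "$ver"; then echo "patched"
    elif [ -n "$(list_cdi_specs "$@")" ]; then echo "exposed"
    else echo "affected-no-cdi-specs"
    fi
}

# Report on the local node when containerd is installed. Pre-release tags are
# ignored by the version match, so check those builds by hand.
if command -v containerd >/dev/null 2>&1; then
    ver=$(containerd --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n1)
    echo "containerd $ver: $(triage "$ver" /etc/cdi /var/run/cdi)"
fi
```

A verdict of `affected-no-cdi-specs` still calls for the update; it only indicates that the host CDI specification the issue depends on was not found in the directories checked.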
Affected Products
Kubernetes Containerd