PT-2026-5222 · Red Hat · Podman-Desktop

B0B0Haha · Published 2026-01-28 · Updated 2026-03-02 · CVE-2026-24835

CVSS v2.0: 9.4 Critical (AV:N/AC:L/Au:N/C:C/I:C/A:N)

Name of the Vulnerable Software and Affected Versions

Podman Desktop versions prior to 1.25.1

Description

Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass allows any extension to circumvent permission checks and gain unauthorized access to all authentication sessions. The isAccessAllowed() function unconditionally returns true, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization.

Recommendations

Update Podman Desktop to version 1.25.1 or later.
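
The failure mode in the description, modeled as a deny-by-default regression check. This is an added example, not Podman Desktop's code: apart from the name `isAccessAllowed()`, the registry class, the per-provider allow-list, and the provider and extension ids are all hypothetical.

```typescript
// Hypothetical model of an authentication-session registry. Only the name
// isAccessAllowed() comes from the advisory; everything else is assumed.
type Session = { id: string; providerId: string; account: string; accessToken: string };

class SessionRegistry {
  private sessions: Session[] = [];
  // providerId -> extension ids the user has approved for that provider
  private allowed = new Map<string, Set<string>>();
  private enforce: boolean;

  // enforce=false reproduces the always-true check; enforce=true is the hardened form.
  constructor(enforce: boolean) {
    this.enforce = enforce;
  }

  addSession(s: Session): void {
    this.sessions.push(s);
  }

  grant(providerId: string, extensionId: string): void {
    const ids = this.allowed.get(providerId) ?? new Set<string>();
    ids.add(extensionId);
    this.allowed.set(providerId, ids);
  }

  isAccessAllowed(providerId: string, extensionId: string): boolean {
    if (!this.enforce) return true; // the pattern the advisory describes
    // Deny by default: unknown provider or unlisted extension gets false.
    return this.allowed.get(providerId)?.has(extensionId) ?? false;
  }

  getSessions(providerId: string, extensionId: string): Session[] {
    if (!this.isAccessAllowed(providerId, extensionId)) return [];
    return this.sessions.filter((s) => s.providerId === providerId);
  }
}

// Constructed sample data: one session and one approved extension.
// Returns how many sessions the given extension id can read.
function sessionsSeenBy(enforce: boolean, extensionId: string): number {
  const reg = new SessionRegistry(enforce);
  reg.addSession({ id: "s1", providerId: "example-sso", account: "alice", accessToken: "placeholder" });
  reg.grant("example-sso", "vendor.approved-ext");
  return reg.getSessions("example-sso", extensionId).length;
}
```

A test that asserts an unapproved caller receives zero sessions is the check that catches an always-true authorization function before release.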

Exploit

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

BDU:2026-01230
CVE-2026-24835
GHSA-V3FX-QG34-6G9M

Affected Products

Podman-Desktop