PT-2026-52554 · Podman · Podman

Published: 2026-06-25 · Updated: 2026-06-26 · CVE-2026-57231

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Podman versions 1.8.1 through 5.8.4

Description

A malicious container image can trick Podman into leaking host environment variables into the container. This occurs when an image contains an Env entry consisting of a key without a value. Furthermore, using an asterisk (*) as a glob operator allows the exfiltration of all environment variables set in the session from which the container is launched, even if their exact names are unknown.

Recommendations

Update Podman to version 5.8.4 or 6.0.0.
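
The following is an added example, not code from this advisory or from the Podman project: a pre-run audit that flags image Env entries of the kind the description names, a key with no value or a `*` glob. It assumes the image config JSON is available either in OCI form (`config.Env`) or as `podman image inspect` output (`Config.Env`); the function names and the sample config are constructed for illustration.

```python
import json

# Constructed sample: an OCI image config with two suspicious Env entries.
SAMPLE_CONFIG = json.dumps({
    "architecture": "amd64",
    "config": {
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
            "DB_PASSWORD",          # key without a value
            "*",                    # glob over every variable name
            "APP_MODE=production",
            "EMPTY_OK=",            # explicit empty value: not flagged
        ]
    },
})


def iter_env_lists(doc):
    """Yield each Env list in an OCI config or `podman image inspect` JSON."""
    docs = doc if isinstance(doc, list) else [doc]
    for item in docs:
        if not isinstance(item, dict):
            continue
        for key in ("config", "Config"):
            section = item.get(key)
            if isinstance(section, dict) and isinstance(section.get("Env"), list):
                yield section["Env"]


def audit_image_env(raw_json):
    """Return (entry, reason) findings for Env entries that carry no value."""
    findings = []
    for env in iter_env_lists(json.loads(raw_json)):
        for entry in env:
            if not isinstance(entry, str) or "=" in entry:
                continue  # KEY=VALUE (including KEY=) is set by the image itself
            reason = "glob key without value" if "*" in entry else "key without value"
            findings.append((entry, reason))
    return findings


if __name__ == "__main__":
    for entry, reason in audit_image_env(SAMPLE_CONFIG):
        print(f"SUSPICIOUS Env entry {entry!r}: {reason}")
```

A non-empty result is a reason to hold the image for review before running it on a host whose session environment contains secrets.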

Fix

Information Disclosure

Exposure of Resource to Wrong Sphere


Weakness Enumeration

Related Identifiers

CVE-2026-57231

Affected Products

Podman