PT-2026-5316 · Unknown · Kata Containers

Champ-Goblem · Published 2026-01-29 · Updated 2026-03-15 · CVE-2026-24054

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Kata Containers versions prior to 3.26.0

Description

Kata Containers is an open source project that implements lightweight Virtual Machines (VMs) functioning like containers. A flaw exists where, when processing a malformed or empty container image, containerd resorts to bind-mounting an empty snapshotter directory for the container rootfs. This causes the Kata runtime to identify the rootfs as a block device, triggering hotplugging of the underlying device within the guest. This can result in filesystem-level errors on the host, including double inode allocation, potentially leading to the host's block device being mounted as read-only. The issue can cause denial of service and a risk of system integrity compromise.

Recommendations

Versions prior to 3.26.0 should be updated to version 3.26.0 or later.

Exploit

Fix

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

AZL-75770
CVE-2026-24054
GHSA-5FC8-GG7W-3G5C
OESA-2026-1433
OESA-2026-1434
OESA-2026-1435
OESA-2026-1436
OESA-2026-1437
OESA-2026-1599

Affected Products

Kata Containers