RHSA-2026:3122
PUBLISHED
CVSS 7.7 HIGH
A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.
Risk Scores
CVSS 3.1
7.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/rhosp-rhel8/osp-director-downloader@sha256:3e44aea04cf6633eeafba0cbd902447bcb76a46d299cce6eaccf0ee92f1d3988_amd64 as a component of Red Hat OpenStack Platform 16.2 | registry.redhat.io/rhosp-rhel8/osp-director-downloader@sha256:3e44aea04cf6633eeafba0cbd902447bcb76a46d299cce6eaccf0ee92f1d3988_amd64 |
| Red Hat | registry.redhat.io/rhosp-rhel8/osp-director-operator@sha256:74254effff84e9bfe9bca9dcf1d1b9c1cccbe5e874fbd6c34c86c257670480d8_amd64 as a component of Red Hat OpenStack Platform 16.2 | registry.redhat.io/rhosp-rhel8/osp-director-operator@sha256:74254effff84e9bfe9bca9dcf1d1b9c1cccbe5e874fbd6c34c86c257670480d8_amd64, * |
| Red Hat | registry.redhat.io/rhosp-rhel8/osp-director-operator-bundle@sha256:52d027283d31a428616b90315b0d67f489770e05260cebe35725f18d6f60ad3f_amd64 as a component of Red Hat OpenStack Platform 16.2 | registry.redhat.io/rhosp-rhel8/osp-director-operator-bundle@sha256:52d027283d31a428616b90315b0d67f489770e05260cebe35725f18d6f60ad3f_amd64 |
| Red Hat | registry.redhat.io/rhosp-rhel8/osp-director-agent@sha256:26005fbf7d5e2b62db9368a3ec4858c22c653e45abe328feda7dc26e3039b355_amd64 as a component of Red Hat OpenStack Platform 16.2 | registry.redhat.io/rhosp-rhel8/osp-director-agent@sha256:26005fbf7d5e2b62db9368a3ec4858c22c653e45abe328feda7dc26e3039b355_amd64, * |
Exploit Intelligence
- glcve_test.go (github-poc)
Timeline
- Feb 23, 2026 CVE Published
- Apr 28, 2026 Distribution Patch
- Apr 28, 2026 Distribution Patch
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:3122 advisory
- https://access.redhat.com/security/cve/CVE-2024-25621 advisory
- https://access.redhat.com/security/cve/CVE-2025-47913 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://catalog.redhat.com/software/containers/search advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3122.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2413190 issue
- https://www.cve.org/CVERecord?id=CVE-2024-25621 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-25621 advisory
- https://github.com/containerd/containerd/blob/main/docs/rootless.md advisory
- https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5 advisory
- https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2414943 issue
- https://www.cve.org/CVERecord?id=CVE-2025-47913 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-47913 advisory
- https://github.com/advisories/GHSA-hcg3-q754-cr77 advisory
- https://go.dev/cl/700295 advisory
- https://go.dev/issue/75178 advisory
- https://pkg.go.dev/vuln/GO-2025-4116 advisory