VDB

RHSA-2026%3A3122

RHSA-2026%3A3122 PUBLISHED CVSS 7.699999809265137 HIGH

A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.

Risk Scores

CVSS 3.1
7.699999809265137
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/rhosp-rhel8/osp-director-downloader@sha256:3e44aea04cf6633eeafba0cbd902447bcb76a46d299cce6eaccf0ee92f1d3988_amd64 as a component of Red Hat OpenStack Platform 16.2registry.redhat.io/rhosp-rhel8/osp-director-downloader@sha256:3e44aea04cf6633eeafba0cbd902447bcb76a46d299cce6eaccf0ee92f1d3988_amd64
Red Hatregistry.redhat.io/rhosp-rhel8/osp-director-operator@sha256:74254effff84e9bfe9bca9dcf1d1b9c1cccbe5e874fbd6c34c86c257670480d8_amd64 as a component of Red Hat OpenStack Platform 16.2*
Red Hatregistry.redhat.io/rhosp-rhel8/osp-director-operator-bundle@sha256:52d027283d31a428616b90315b0d67f489770e05260cebe35725f18d6f60ad3f_amd64 as a component of Red Hat OpenStack Platform 16.2registry.redhat.io/rhosp-rhel8/osp-director-operator-bundle@sha256:52d027283d31a428616b90315b0d67f489770e05260cebe35725f18d6f60ad3f_amd64, registry.redhat.io/rhosp-rhel8/osp-director-operator-bundle@sha256:52d027283d31a428616b90315b0d67f489770e05260cebe35725f18d6f60ad3f_amd64, registry.redhat.io/rhosp-rhel8/osp-director-operator-bundle@sha256:52d027283d31a428616b90315b0d67f489770e05260cebe35725f18d6f60ad3f_amd64
Red Hatregistry.redhat.io/rhosp-rhel8/osp-director-downloader@sha256:3e44aea04cf6633eeafba0cbd902447bcb76a46d299cce6eaccf0ee92f1d3988_amd64 as a component of Red Hat OpenStack Platform 16.2registry.redhat.io/rhosp-rhel8/osp-director-downloader@sha256:3e44aea04cf6633eeafba0cbd902447bcb76a46d299cce6eaccf0ee92f1d3988_amd64, registry.redhat.io/rhosp-rhel8/osp-director-downloader@sha256:3e44aea04cf6633eeafba0cbd902447bcb76a46d299cce6eaccf0ee92f1d3988_amd64, registry.redhat.io/rhosp-rhel8/osp-director-downloader@sha256:3e44aea04cf6633eeafba0cbd902447bcb76a46d299cce6eaccf0ee92f1d3988_amd64
Red Hatregistry.redhat.io/rhosp-rhel8/osp-director-agent@sha256:26005fbf7d5e2b62db9368a3ec4858c22c653e45abe328feda7dc26e3039b355_amd64 as a component of Red Hat OpenStack Platform 16.2registry.redhat.io/rhosp-rhel8/osp-director-agent@sha256:26005fbf7d5e2b62db9368a3ec4858c22c653e45abe328feda7dc26e3039b355_amd64, registry.redhat.io/rhosp-rhel8/osp-director-agent@sha256:26005fbf7d5e2b62db9368a3ec4858c22c653e45abe328feda7dc26e3039b355_amd64, *
Red Hatregistry.redhat.io/rhosp-rhel8/osp-director-operator-bundle@sha256:52d027283d31a428616b90315b0d67f489770e05260cebe35725f18d6f60ad3f_amd64 as a component of Red Hat OpenStack Platform 16.2registry.redhat.io/rhosp-rhel8/osp-director-operator-bundle@sha256:52d027283d31a428616b90315b0d67f489770e05260cebe35725f18d6f60ad3f_amd64
Red Hatregistry.redhat.io/rhosp-rhel8/osp-director-operator@sha256:74254effff84e9bfe9bca9dcf1d1b9c1cccbe5e874fbd6c34c86c257670480d8_amd64 as a component of Red Hat OpenStack Platform 16.2registry.redhat.io/rhosp-rhel8/osp-director-operator@sha256:74254effff84e9bfe9bca9dcf1d1b9c1cccbe5e874fbd6c34c86c257670480d8_amd64, registry.redhat.io/rhosp-rhel8/osp-director-operator@sha256:74254effff84e9bfe9bca9dcf1d1b9c1cccbe5e874fbd6c34c86c257670480d8_amd64, *
Red Hatregistry.redhat.io/rhosp-rhel8/osp-director-agent@sha256:26005fbf7d5e2b62db9368a3ec4858c22c653e45abe328feda7dc26e3039b355_amd64 as a component of Red Hat OpenStack Platform 16.2registry.redhat.io/rhosp-rhel8/osp-director-agent@sha256:26005fbf7d5e2b62db9368a3ec4858c22c653e45abe328feda7dc26e3039b355_amd64

Exploit Intelligence

Timeline

  • Feb 23, 2026 CVE Published
  • Apr 28, 2026 Distribution Patch
  • Apr 28, 2026 Distribution Patch
  • Apr 28, 2026 Security Advisory
  • Apr 28, 2026 Security Advisory
  • Apr 28, 2026 Security Advisory
  • May 14, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›