containerd vulnerabilities
Summary
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. (CVE-2026-33814) Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handled group parsing when creating containers from images. An attacker could possibly use this issue to cause containerd to consume excessive memory, resulting in a denial of service. (CVE-2026-47262) Henry Beberman and Robert Prast discovered that containerd incorrectly validated image references when importing container checkpoints. An attacker could possibly use this issue to poison the local image cache and execute arbitrary code in other pods. (CVE-2026-50195) Robert Prast discovered that containerd incorrectly propagated labels from image configurations to containers. An attacker could possibly use this issue to execute arbitrary code on the host. (CVE-2026-53488) Yuming Zhang, Song Li, Sangwon Ryu, Henry Beberman, Robert Prast, Kyle Elliott and Zhenchen Wang discovered that containerd incorrectly validated symlinked paths when restoring container checkpoints. An attacker could possibly use this issue to read arbitrary files on the host, resulting in information disclosure. (CVE-2026-53489) Robert Prast discovered that containerd incorrectly trusted device interface annotations when Affected Ubuntu releases: 26.04, 25.10. CVEs: CVE-2026-47262, CVE-2026-53489, CVE-2026-53488, CVE-2026-50195, CVE-2026-33814, CVE-2026-53492.
- Ubuntu 26.04
- Ubuntu 25.10
Official advisory · medium-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Apply available updates: `sudo apt update && sudo apt upgrade` (a standard system update installs the fix).
Official advisory · medium-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.