CVE Alert

CVE-2026-53489

Severity UNKNOWN (CVSS 0.0)

containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

CVSS Score 0.0
EPSS Score 0.2%
EPSS Percentile 16th

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug in the CRI plugin: when restoring a container from a checkpoint image, it writes container.log to the restored path without checking whether that path is a symlink. Because the symlink is followed, kubectl logs could be used to read an arbitrary file on the host. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.

CWE CWE-61
Vendor containerd
Product containerd
Published Jul 1, 2026
Last Updated Jul 2, 2026

Affected Versions

containerd / containerd
>= 2.1.0, < 2.1.9
>= 2.2.0, < 2.2.5
>= 2.3.0, < 2.3.2

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388