Privilege Escalation Vulnerability in crun Container Runtime by Containers
CVE-2026-30892

NONE

Key Information:

Vendor

Containers

Status
Crun
Vendor
CVE Published:
25 March 2026

What is CVE-2026-30892?

The crun container runtime, developed in C, is susceptible to a privilege escalation issue due to improper parsing of command line arguments in versions 1.19 through 1.26. Specifically, the -u (--user) option misinterprets the value '1' as both UID 0 and GID 0, allowing processes to execute with unintended elevated privileges. Users are advised to upgrade to version 1.27, where this flaw has been addressed. This vulnerability poses serious risks as it could enable unauthorized access and control over the container environment.

Affected Version(s)

crun >= 1.19, < 1.27

References

https://github.com/containers/crun/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/containers/crun/commit/1bd7f42446999b0...
x_refsource_MISC
https://github.com/containers/crun/releases/tag/1.27
x_refsource_MISC

CVSS V3.1

Score:
Severity:
NONE
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.