Denial-of-Service Vulnerability in Podman Desktop by Red Hat
CVE-2026-34045

8.2 HIGH

Key Information:

Vendor
CVE Published: 7 April 2026

What is CVE-2026-34045?

Podman Desktop is a graphical tool for container and Kubernetes development. Versions prior to 1.26.2 include an unauthenticated HTTP server that may allow network attackers to cause denial-of-service conditions and extract sensitive information. Because the server enforces no connection limits or timeouts, its system resources, including file descriptors and kernel memory, can be exhausted, potentially resulting in application crashes or complete system freezes. In addition, verbose error messages disclose internal paths and sensitive system details, such as usernames on Windows systems, which could aid further attacks. Users are strongly advised to upgrade to version 1.26.2 to mitigate these risks.
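The two weaknesses described above (no connection limits or timeouts, and verbose error messages), seen from the defender's side as an added example. It is not Podman Desktop's code or its 1.26.2 fix; it assumes a Node.js `http` server, and the function names and limit values are illustrative.

```javascript
// Added example: defensive settings for a local Node.js HTTP server.
// Assumptions: function names and every limit value below are illustrative.
const http = require("node:http");

// Turn any internal error into a fixed response body.
// The detail (message, stack, file paths) goes to the local log only.
function safeErrorBody(err, log = console.error) {
  log(err && err.stack ? err.stack : String(err));
  return JSON.stringify({ error: "internal error" });
}

function createHardenedServer(handler, log = console.error) {
  const server = http.createServer(async (req, res) => {
    try {
      await handler(req, res);
    } catch (err) {
      // Never echo err.message or err.stack to the client: they can carry
      // paths such as C:\Users\<name>\... and so reveal the account name.
      if (!res.headersSent) {
        res.writeHead(500, { "Content-Type": "application/json" });
      }
      res.end(safeErrorBody(err, log));
    }
  });
  server.maxConnections = 64;      // cap concurrent sockets (file descriptors)
  server.headersTimeout = 10_000;  // ms allowed to receive the request headers
  server.requestTimeout = 30_000;  // ms allowed to receive the whole request
  server.keepAliveTimeout = 5_000; // ms an idle keep-alive socket stays open
  server.setTimeout(60_000);       // destroy sockets with no activity at all
  return server;
}

// Bind to loopback only, so other hosts on the network cannot connect.
function listenLocal(server, port = 0) {
  return new Promise((resolve) =>
    server.listen(port, "127.0.0.1", () => resolve(server.address()))
  );
}
```

Without the four timeout and connection settings, each slow or idle client holds a socket open indefinitely, which is the resource-exhaustion condition the advisory describes.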

Affected Version(s)

podman-desktop < 1.26.2

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
