Arbitrary File Write Vulnerability in Kata Containers by Kata Containers
CVE-2026-41326

8.2 HIGH

Key Information:

Vendor
CVE Published: 24 April 2026

What is CVE-2026-41326?

An oversight in the CopyFile policy within Kata Containers allows untrusted hosts to write to arbitrary locations inside guest workload images, potentially compromising the security of binaries and enabling data exfiltration from containers, including those running within Container Virtual Machines (CVMs). This vulnerability was addressed in version v3.29.0.

Affected Version(s)

kata-containers >= 3.4.0, < 3.29.0

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
