RunAsNonRoot Evasion Vulnerability in Containerd by Docker
CVE-2026-46680

7.3 HIGH

Key Information:

Vendor:
Containerd

CVE Published:
1 July 2026

What is CVE-2026-46680?

Containerd, an open-source container runtime by Docker, has a vulnerability in versions prior to 1.7.32, 2.0.9, 2.2.4, and 2.3.1. The flaw arises when a container is launched with a numeric User directive that cannot be parsed as a 32-bit integer: instead of being rejected, the value is reinterpreted as a username. If a malicious image supplies an /etc/passwd file that maps this oversized numeric string to UID 0, the container starts running as root. This bypasses the Kubernetes runAsNonRoot check, so workloads that policy expects to run unprivileged can run as root in environments that rely on non-root enforcement.
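An added illustrative model of the user-resolution step the advisory describes, written for this page and not containerd's own code. It assumes the runtime first tries to parse the User value as an unsigned 32-bit integer and otherwise looks it up by name in the image's /etc/passwd; the passwd content is constructed sample data. The lenient function reproduces the fallback the advisory warns about, and the strict function shows the check a hardened runtime or admission policy would apply: a digits-only User that does not fit in 32 bits is refused rather than retried as a name.

```go
package main

import (
	"strconv"
	"strings"
)

// Constructed /etc/passwd of the shape the advisory describes: the third
// entry's *name* is a numeric string too large for 32 bits and its UID is 0.
// Sample data for this example only, not taken from any real image.
const samplePasswd = `root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/:/sbin/nologin
99999999999:x:0:0:oversized numeric name:/:/bin/sh`

// lookupByName returns the UID of the passwd entry whose name matches.
func lookupByName(passwd, name string) (uint32, bool) {
	for _, line := range strings.Split(passwd, "\n") {
		f := strings.Split(line, ":")
		if len(f) >= 3 && f[0] == name {
			if uid, err := strconv.ParseUint(f[2], 10, 32); err == nil {
				return uint32(uid), true
			}
		}
	}
	return 0, false
}

// resolveUserLenient models the fallback the advisory describes: a User
// value that fails 32-bit parsing is silently retried as a username.
func resolveUserLenient(passwd, user string) (uint32, bool) {
	if uid, err := strconv.ParseUint(user, 10, 32); err == nil {
		return uint32(uid), true
	}
	return lookupByName(passwd, user)
}

// resolveUserStrict is the hardened form: a digits-only User that does not
// fit in 32 bits is rejected instead of being looked up as a name.
func resolveUserStrict(passwd, user string) (uint32, bool) {
	if user != "" && strings.Trim(user, "0123456789") == "" {
		uid, err := strconv.ParseUint(user, 10, 32)
		if err != nil {
			return 0, false // refuse to start rather than guess
		}
		return uint32(uid), true
	}
	return lookupByName(passwd, user)
}
```

With the sample passwd, the lenient resolver maps "99999999999" to UID 0 while the strict resolver rejects it; both still resolve "1000" and "nobody" normally.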

Affected Version(s)

containerd < 1.7.32

containerd >= 2.0.4, < 2.0.9

containerd >= 2.0.10, < 2.2.4

CVSS v4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability reserved