Arbitrary Command Execution in Container Runtime by containerd Affecting Specific Versions
CVE-2026-53488
9.4 CRITICAL
What is CVE-2026-53488?
An issue has been identified in the containerd runtime where the CRI plugin propagates labels from image configurations to containers without adequate validation. Because a plugin may act on container labels during its operations, an attacker-controlled image configuration can lead to the execution of arbitrary commands on the host system. The vulnerability has been addressed in subsequent releases, including versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.
Affected Version(s)
containerd < 1.7.33 (fixed in 1.7.33)
containerd >= 2.0.0, < 2.0.10 (fixed in 2.0.10)
containerd >= 2.1.0, < 2.1.9 (fixed in 2.1.9)
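As an added example, not part of this advisory or of the containerd project, the following checker compares an installed containerd version against the fixed versions listed above so an operator can confirm whether a host falls in an affected range. The 2.2 and 2.3 branch entries are inferred from the fixed versions named in the description rather than taken from the affected-version table, and the `containerd --version` output format assumed in the docstring is the one the current binary prints.

```python
import re
import subprocess

# Fixed versions named in the CVE-2026-53488 advisory, keyed by release branch
# (major, minor). The 2.2 and 2.3 entries come from the fixed versions in the
# description; the affected-version table itself lists only 1.7, 2.0 and 2.1.
FIXED_BY_BRANCH = {
    (1, 7): (1, 7, 33),
    (2, 0): (2, 0, 10),
    (2, 1): (2, 1, 9),
    (2, 2): (2, 2, 5),
    (2, 3): (2, 3, 2),
}

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first major.minor.patch triple found in text, e.g. from
    `containerd --version`, which prints a line shaped like
    'containerd github.com/containerd/containerd v1.7.20 <commit>'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no major.minor.patch version in %r" % text)
    return tuple(int(part) for part in m.groups())


def assess(version):
    """Classify a (major, minor, patch) tuple against the advisory.

    Returns (status, fixed_version). status is 'vulnerable', 'fixed' or
    'unlisted'; 'unlisted' means the release branch is not covered by the
    advisory, so the caller must not assume it is safe."""
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        return "unlisted", None
    if version < fixed:
        return "vulnerable", fixed
    return "fixed", fixed


def assess_installed(binary="containerd"):
    """Run `containerd --version` on this host and assess the result."""
    out = subprocess.run([binary, "--version"], capture_output=True,
                         text=True, check=True).stdout
    return assess(parse_version(out))


if __name__ == "__main__":
    status, fixed = assess_installed()
    print("containerd is %s" % status,
          "(fixed in %d.%d.%d)" % fixed if fixed else "")
```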
