Symlink Vulnerability in containerd by Docker
CVE-2026-53489
8.2 HIGH
What is CVE-2026-53489?
A security flaw exists in the containerd open-source container runtime: the CRI plugin restores container.log from a checkpoint image without proper validation of symlink paths. An attacker can exploit this to gain unauthorized access to arbitrary files on the host machine via kubectl logs. The issue is fixed in versions 2.3.2, 2.2.5, and 2.1.9.
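The kind of check the description says was missing, as an added Go example (not containerd's code or its patch): a restore routine that refuses a container.log entry that is a symlink. The names restoreLog and ErrUnsafeLog, and the unpacked-checkpoint directory layout, are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"syscall"
)

var ErrUnsafeLog = errors.New("checkpoint container.log is not a regular file")

// restoreLog copies <ckptDir>/container.log to dst and refuses symlinks.
// ckptDir stands in for an unpacked checkpoint image (assumed layout).
func restoreLog(ckptDir, dst string) error {
	src := filepath.Join(ckptDir, "container.log")
	fi, err := os.Lstat(src) // Lstat reports the link itself, not its target
	if err != nil {
		return err
	}
	if !fi.Mode().IsRegular() {
		return fmt.Errorf("%w: mode %v", ErrUnsafeLog, fi.Mode().Type())
	}
	// O_NOFOLLOW fails the open if the entry became a symlink after Lstat.
	in, err := os.OpenFile(src, os.O_RDONLY|syscall.O_NOFOLLOW, 0)
	if err != nil {
		return err
	}
	defer in.Close()
	// Confirm the opened descriptor is the same regular file we inspected.
	if fi2, err := in.Stat(); err != nil || !os.SameFile(fi, fi2) {
		return ErrUnsafeLog
	}
	out, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return err
	}
	defer out.Close()
	_, err = io.Copy(out, in)
	return err
}

func main() {
	dir, _ := os.MkdirTemp("", "ckpt-demo") // constructed demo directory
	defer os.RemoveAll(dir)
	os.Symlink("host-file", filepath.Join(dir, "container.log")) // constructed link
	fmt.Println(restoreLog(dir, filepath.Join(dir, "restored.log")))
}
```

O_NOFOLLOW only guards the final path component, so the directory holding the file must itself be trusted or resolved with the same care.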
Affected Version(s)
containerd >= 2.1.0, < 2.1.9
containerd >= 2.2.0, < 2.2.5
containerd >= 2.3.0, < 2.3.2
