Container Device Interface Trust Issue in containerd by Docker
CVE-2026-53492

8.4 HIGH

Key Information:

Vendor: Containerd

CVE Published: 1 July 2026

What is CVE-2026-53492?

The containerd runtime improperly trusts Container Device Interface (CDI) annotations when restoring containers from checkpoint images. A user with permission to create pods can use this to inject arbitrary CDI modifications into the restored container, bypassing the usual Kubernetes resource allocation and device plugin controls. Successful exploitation depends on CDI being enabled on the node and on a matching host CDI specification being present. The issue poses significant risks in environments that rely on Kubernetes and container orchestration.

Affected Version(s)

containerd >= 2.1.0, < 2.1.9 < 2.1.0, 2.1.9

containerd >= 2.2.0, < 2.2.5 < 2.2.0, 2.2.5

containerd >= 2.3.0, < 2.3.2 < 2.3.0, 2.3.2

CVSS V4

Score: 8.4
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
