Symlink Vulnerability in Podman by Red Hat
CVE-2026-55686

5.3 MEDIUM

Key Information:

CVE Published: 26 June 2026

What is CVE-2026-55686?

Podman, a tool for managing OCI containers and pods, has a vulnerability in which running a malicious container image whose WORKDIR path includes a symlink can manipulate the host filesystem. The manipulation may include creating directories or altering ownership. It depends on untrusted or malicious processes interfering with the filesystem while the symlink is being dereferenced. The issue has been resolved in version 5.7.1.

Affected Version(s)

podman >= 3.0.0, < 5.7.1

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved