Environment Variable Exposure in Podman Tool by Red Hat
CVE-2026-57231

7.5HIGH

Key Information:

Vendor: Podman-container-tools
Status: Podman
Vendor: CVE Published:; 26 June 2026

🔔 Create Podman-container-tools Vulnerability Alert

What is CVE-2026-57231?

An environment variable vulnerability in Podman allows a malicious container image to exfiltrate sensitive host variables. If the image contains an environment variable with a key and no value, it can trick Podman into passing host variables to the container. This issue is exacerbated when the asterisk (*) wildcard is used, enabling the transmission of all environment variables from the host. Users are advised to upgrade to Podman version 5.8.4 or 6.0.0 to mitigate this risk.

Affected Version(s)

podman >= 1.8.1, < 5.8.4

References

https://github.com/podman-container-tools/podman/security...

x_refsource_CONFIRM

https://github.com/podman-container-tools/podman/commit/6...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 24, 2026

CVE-2026-57231 Data

JSON