CVE-2026-53488
highCVSS v3 Base Score
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.2%
Exploitation probability in 30 days
Top 86% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.
CWE
CWE-78Affected Products
Assisted Installer for Red Hat OpenShift Container Platform 2Confidential Compute AttestationDeployment Validation OperatorGatekeeper 3Kernel Module Management Operator for Red Hat OpenshiftLogging Subsystem for Red Hat OpenShiftLogical Volume Manager StorageMachine Deletion Remediation OperatorMCP Server for Red Hat OpenShiftMigration Toolkit for Containers