Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-fqw6-gf59-qr4w | containerd user ID handling bypass allows runAsNonRoot evasion |
Fri, 03 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-681 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Thu, 02 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Containerd
Containerd containerd |
|
| Vendors & Products |
Containerd
Containerd containerd |
Wed, 01 Jul 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes runAsNonRoot restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user. This issue has been fixed in versions 1.7.32, 2.0.9, 2.2.4 and 2.3.1. | |
| Title | containerd user ID handling bypass allows runAsNonRoot evasion | |
| Weaknesses | CWE-269 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-03T03:56:06.341Z
Reserved: 2026-05-15T21:46:51.547Z
Link: CVE-2026-46680
Updated: 2026-07-02T12:51:41.289Z
No data.
OpenCVE Enrichment
Updated: 2026-07-07T14:30:04Z
Github GHSA