Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-rgh6-rfwx-v388 | Arbitrary host CRI log file read via symlink following in CRI checkpoint restore |
Ubuntu USN |
USN-8472-1 | containerd vulnerabilities |
Ubuntu USN |
USN-8473-1 | containerd vulnerabilities |
Fri, 03 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-59 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Thu, 02 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 02 Jul 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Containerd
Containerd containerd |
|
| Vendors & Products |
Containerd
Containerd containerd |
Wed, 01 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9. | |
| Title | containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore | |
| Weaknesses | CWE-61 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-02T14:34:50.018Z
Reserved: 2026-06-09T17:05:25.059Z
Link: CVE-2026-53489
Updated: 2026-07-02T14:34:45.686Z
No data.
OpenCVE Enrichment
Updated: 2026-07-08T01:45:03Z
Github GHSA
Ubuntu USN