{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/containerd--2.1.9/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["containerd \u003c 1.7.33","containerd \u003c 2.0.10","containerd \u003c 2.1.9","containerd \u003c 2.2.5","containerd \u003c 2.3.2"],"_cs_severities":["high"],"_cs_tags":["container","container-runtime","kubernetes","rce","supply-chain","linux"],"_cs_type":"advisory","_cs_vendors":["containerd"],"content_html":"\u003cp\u003eA significant vulnerability, tracked as CVE-2026-53488, has been discovered in the containerd CRI plugin, impacting versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5, and 2.3.2. This flaw allows for host-root command execution stemming from an image pull operation. The vulnerability arises because the CRI plugin fails to properly validate \u003ccode\u003eLABEL\u003c/code\u003e instructions embedded within an image's configuration. When a crafted container image is pulled, these unvalidated labels are propagated to the container's metadata. Subsequently, if another containerd plugin (e.g., the \u003ccode\u003erestart-monitor\u003c/code\u003e with a \u003ccode\u003ebinary://\u003c/code\u003e logger) consumes these labels for its operations, it can inadvertently execute arbitrary commands with the privileges of the underlying host. The issue was independently discovered and responsibly disclosed by Anthropic Research, Claude, the GKE Security Team using Gemini, and Robert Prast. This vulnerability poses a severe risk, as it enables attackers to compromise container hosts simply by enticing users to pull a malicious image.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious container image (e.g., Docker image) that includes a specially formatted \u003ccode\u003eLABEL\u003c/code\u003e instruction within its Dockerfile, designed to execute arbitrary commands.\u003c/li\u003e\n\u003cli\u003eThe attacker pushes this malicious image to a public or private container registry.\u003c/li\u003e\n\u003cli\u003eA user or automated system pulls the malicious container image to a vulnerable containerd host using a container runtime (e.g., Kubernetes via CRI).\u003c/li\u003e\n\u003cli\u003eThe containerd CRI plugin processes the image configuration, including the unvalidated \u003ccode\u003eLABEL\u003c/code\u003e instruction.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability (CVE-2026-53488), the CRI plugin propagates this unvalidated, malicious \u003ccode\u003eLABEL\u003c/code\u003e content directly into the container's metadata or configuration.\u003c/li\u003e\n\u003cli\u003eA containerd plugin, such as the \u003ccode\u003erestart-monitor\u003c/code\u003e utilizing a \u003ccode\u003ebinary://\u003c/code\u003e logger, consumes the crafted label from the container's metadata.\u003c/li\u003e\n\u003cli\u003eThe consuming plugin attempts to interpret and execute the content of the malicious label as a command or binary path.\u003c/li\u003e\n\u003cli\u003eThe arbitrary command embedded within the \u003ccode\u003eLABEL\u003c/code\u003e is executed on the host system with escalated privileges (often root), leading to host compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-53488 grants an attacker the ability to execute arbitrary commands with host-root privileges on the compromised containerd host. This can lead to a complete compromise of the host system, allowing attackers to establish persistence, exfiltrate sensitive data, deploy additional malware (e.g., ransomware, cryptominers), or pivot to other systems within the environment. Given the widespread use of containerd in container orchestration platforms like Kubernetes, this vulnerability presents a critical threat to containerized environments, potentially impacting a broad range of industries and organizations that rely on such infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-53488 on all vulnerable containerd installations immediately by upgrading to containerd versions 2.3.2, 2.2.5, 2.1.9, 2.0.10, or 1.7.33.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune for your environment to detect suspicious process creation and network connections originating from containerd processes.\u003c/li\u003e\n\u003cli\u003eEnsure Sysmon for Linux or equivalent process logging is enabled on all container hosts to activate the rules above.\u003c/li\u003e\n\u003cli\u003eImplement strict image provenance and only use trusted container images from known-good registries, as recommended in the workarounds section.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-19T19:45:56Z","date_published":"2026-06-19T19:45:56Z","id":"https://feed.craftedsignal.io/briefs/2026-06-containerd-cri-rce/","summary":"A critical vulnerability (CVE-2026-53488) exists in the containerd CRI plugin where image configuration `LABEL` instructions are propagated to containers without validation, allowing an attacker to inject and execute arbitrary commands with host-root privileges on the underlying host when a maliciously crafted container image is pulled and processed by specific plugins.","title":"Critical containerd CRI Vulnerability (CVE-2026-53488) Leads to Host-Root Command Execution","url":"https://feed.craftedsignal.io/briefs/2026-06-containerd-cri-rce/"}],"language":"en","title":"CraftedSignal Threat Feed - Containerd \u003c 2.1.9","version":"https://jsonfeed.org/version/1.1"}