Skip to content
Threat Feed
Subscribe

Product

Containerd

4 briefs RSS
high advisory

Google Cloud Platform (GKE containerd): Multiple Vulnerabilities

An authenticated remote attacker can exploit multiple vulnerabilities in Google Cloud Platform, specifically within GKE containerd, to achieve arbitrary code execution, bypass security measures, manipulate data, disclose confidential information, or cause a denial-of-service condition.

Cloud Platform +2 cloud-security container-security vulnerability rce
3r 5t
high advisory

Containerd runAsNonRoot Bypass via Crafted User Directive (CVE-2026-46680)

A vulnerability in containerd allows for bypassing the Kubernetes `runAsNonRoot` restriction by exploiting a misinterpretation of large numeric User directives in container images, potentially leading to container execution as root (UID 0); this is tracked as CVE-2026-46680 and CVE-2024-40635.

containerd/containerd +1 runAsNonRoot privilege-escalation containerd kubernetes
2r 1t 1c
high advisory

Containerd runAsNonRoot Bypass via Crafted User Directive (CVE-2026-46680)

A vulnerability in containerd allows for bypassing the Kubernetes `runAsNonRoot` restriction by exploiting a misinterpretation of large numeric User directives in container images, potentially leading to container execution as root (UID 0); this is tracked as CVE-2026-46680 and CVE-2024-40635.

containerd/containerd +1 runAsNonRoot privilege-escalation containerd kubernetes
2r 1t 1c
medium advisory

Unusual Process Connecting to Docker or Containerd Socket

An unusual process connecting to a container runtime Unix socket like Docker or Containerd can indicate an attacker attempting to bypass Kubernetes security measures for container manipulation.

Auditbeat +4 container privilege-escalation lateral-movement linux
2r 3t