Product
A critical vulnerability, CVE-2026-15809, in CRI-O allows an attacker with the ability to set container environment variables to bypass a previous fix (CVE-2022-4318), inject a newline character into the HOME environment variable, and add arbitrary lines to /etc/passwd, potentially leading to privilege escalation or persistence within the container.