Tag
A critical vulnerability (CVE-2026-53488) exists in the containerd CRI plugin where image configuration `LABEL` instructions are propagated to containers without validation, allowing an attacker to inject and execute arbitrary commands with host-root privileges on the underlying host when a maliciously crafted container image is pulled and processed by specific plugins.