Tag
high
advisory
containerd CRI Checkpoint Restore CDI Annotation Smuggling Vulnerability (CVE-2026-53492)
2 rules 2 TTPsA high-severity vulnerability (CVE-2026-53492) in containerd's CRI implementation allows an attacker with pod creation permissions to smuggle arbitrary Container Device Interface (CDI) annotations during container restoration, bypassing Kubernetes resource allocation and enabling unauthorized device and host mount injection into the restored container.
containerd +2
kubernetes
vulnerability
privilege-escalation
linux
cloud
2r
2t
high
advisory
Containerd runAsNonRoot Bypass via Crafted User Directive (CVE-2026-46680)
2 rules 1 TTP 1 CVEA vulnerability in containerd allows for bypassing the Kubernetes `runAsNonRoot` restriction by exploiting a misinterpretation of large numeric User directives in container images, potentially leading to container execution as root (UID 0); this is tracked as CVE-2026-46680 and CVE-2024-40635.
containerd/containerd +1
runAsNonRoot
privilege-escalation
containerd
kubernetes
2r
1t
1c