{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-34045/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2026-34045"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["podman-desktop","denial-of-service","information-disclosure","cve-2026-34045","linux","windows"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ePodman Desktop, a graphical tool for container and Kubernetes development, is vulnerable to an unauthenticated remote attack in versions prior to 1.26.2. The exposed HTTP server lacks proper connection limits and timeouts, enabling attackers to exhaust file descriptors and kernel memory. This resource exhaustion leads to denial-of-service conditions, potentially crashing the application or freezing the entire host system. Furthermore, verbose error responses from the server inadvertently disclose internal paths and system details, including usernames on Windows systems. This information leakage facilitates further exploitation attempts. The vulnerability, identified as CVE-2026-34045, requires no authentication or user interaction and is exploitable over a network, making it a significant threat to systems running vulnerable versions of Podman Desktop. Users should update to version 1.26.2 or later to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Podman Desktop instance running a version prior to 1.26.2 exposed on the network.\u003c/li\u003e\n\u003cli\u003eAttacker connects to the unauthenticated HTTP server exposed by Podman Desktop.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a large number of HTTP requests without proper connection management.\u003c/li\u003e\n\u003cli\u003eThe server fails to enforce connection limits, leading to an exhaustion of available file descriptors on the host system.\u003c/li\u003e\n\u003cli\u003eThe attacker sends specially crafted requests designed to trigger resource-intensive operations, consuming excessive kernel memory.\u003c/li\u003e\n\u003cli\u003eAs file descriptors and kernel memory are depleted, the Podman Desktop application becomes unresponsive.\u003c/li\u003e\n\u003cli\u003eThe system experiences a denial-of-service condition, potentially leading to application crash or a full host freeze.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes verbose error responses to gain insights into internal paths and system details, potentially including usernames on Windows, to prepare for further attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-34045 can lead to a complete denial-of-service of the Podman Desktop application, disrupting container and Kubernetes development workflows. In severe cases, the entire host system may freeze, requiring a reboot and causing data loss or corruption. The information disclosure aspect of the vulnerability, leaking internal paths and usernames, can aid attackers in crafting more targeted and sophisticated attacks against the compromised system. The lack of authentication makes all installations of vulnerable Podman Desktop versions potential targets, impacting developers and organizations relying on this tool.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade Podman Desktop to version 1.26.2 or later to patch CVE-2026-34045.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation and firewall rules to restrict access to the Podman Desktop HTTP server only to trusted networks, mitigating external exploitation.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Excessive HTTP Requests to Podman Desktop\u0026rdquo; to identify potential denial-of-service attempts against vulnerable Podman Desktop instances.\u003c/li\u003e\n\u003cli\u003eMonitor webserver logs for unusual HTTP requests and error responses from Podman Desktop, correlating them with potential exploitation attempts. Enable webserver logging to activate the rule above.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T21:17:17Z","date_published":"2026-04-07T21:17:17Z","id":"/briefs/2026-04-podman-desktop-dos/","summary":"Podman Desktop versions prior to 1.26.2 expose an unauthenticated HTTP server, allowing remote attackers to trigger denial-of-service conditions by exhausting resources and extract sensitive information through verbose error responses.","title":"Unauthenticated Denial-of-Service and Information Disclosure in Podman Desktop","url":"https://feed.craftedsignal.io/briefs/2026-04-podman-desktop-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-34045","version":"https://jsonfeed.org/version/1.1"}