{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/kata-containers/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Contrast CLI","contrast generate","Kata agent"],"_cs_severities":["high"],"_cs_tags":["kata-containers","container-security","privilege-escalation"],"_cs_type":"advisory","_cs_vendors":["Edgeless Systems","Kata Containers"],"content_html":"\u003cp\u003eA vulnerability exists in the Kata agent policies generated by the Contrast CLI (versions prior to v1.19.1). Specifically, the \u003ccode\u003eCopyFile\u003c/code\u003e verification process is flawed, enabling a malicious host process to write arbitrary data to the guest root filesystem. This attack vector leverages the Kata agent\u0026rsquo;s VSOCK interface, allowing a compromised host to connect to the agent and issue malicious \u003ccode\u003eCopyFile\u003c/code\u003e requests. Successful exploitation can overwrite critical security files or deceive the workload into divulging sensitive data. This flaw has a high impact, potentially resulting in a complete guest takeover. 
The issue was patched in Contrast v1.19.1.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA malicious process gains the capability to connect to the Kata agent VSOCK.\u003c/li\u003e\n\u003cli\u003eThe malicious process connects to the Kata agent via VSOCK.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a series of \u003ccode\u003eCopyFile\u003c/code\u003e requests.\u003c/li\u003e\n\u003cli\u003eThese \u003ccode\u003eCopyFile\u003c/code\u003e requests are designed to exploit the vulnerability in the Contrast CLI-generated Kata agent policies.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the \u003ccode\u003eCopyFile\u003c/code\u003e requests to create symlinks pointing to sensitive or critical system files.\u003c/li\u003e\n\u003cli\u003eThe attacker then uses \u003ccode\u003eCopyFile\u003c/code\u003e requests to write arbitrary data to the targeted files via the created symlinks.\u003c/li\u003e\n\u003cli\u003eSecurity-critical files within the guest root filesystem are overwritten or modified by the attacker.\u003c/li\u003e\n\u003cli\u003eThe compromised system facilitates a full guest takeover, potentially enabling further malicious activities within the containerized environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows a malicious host process to gain full control over the guest container. This can lead to data exfiltration, denial of service, or further lateral movement within the infrastructure. While the exact number of affected systems is not specified, any environment relying on affected Contrast CLI versions to generate Kata agent policies is potentially at risk. 
The impact is a full guest takeover.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Contrast CLI to version v1.19.1 or later to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately possible, implement the policy-only fix described in the provided resources, specifically the rego fix, and pass it to \u003ccode\u003econtrast generate --policy\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor network connections to the Kata agent VSOCK for unusual or unauthorized activity, especially originating from untrusted processes.\u003c/li\u003e\n\u003cli\u003eImplement host-based intrusion detection systems (HIDS) to detect unauthorized file modifications within the guest root filesystem.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T20:57:17Z","date_published":"2026-04-30T20:57:17Z","id":"/briefs/2026-04-contrast-copyfile-vuln/","summary":"A vulnerability in the CopyFile verification of Kata agent policies generated by the Contrast CLI allows arbitrary writes to the guest root filesystem, potentially leading to a full guest takeover.","title":"Contrast CLI CopyFile Policy Subversion via Symlinks Allows Guest Root Filesystem Writes","url":"https://feed.craftedsignal.io/briefs/2026-04-contrast-copyfile-vuln/"},{"_cs_actors":[],"_cs_cves":[{"id":"CVE-2026-41326"}],"_cs_exploited":false,"_cs_products":["kata-containers/kata-containers (\u003c 0.0.0-20260422180503-1b9e49eb2763)"],"_cs_severities":["high"],"_cs_tags":["kata-containers","container-escape","symlink"],"_cs_type":"advisory","_cs_vendors":["kata-containers"],"content_html":"\u003cp\u003eAn oversight in the CopyFile policy within Kata Containers allows a malicious host to manipulate guest workload images. The vulnerability stems from insufficient validation within the \u003ccode\u003eCopyFileRequest\u003c/code\u003e policy, specifically related to symlink creation. 
The policy primarily checks the destination path of copied files but fails to adequately validate the target of symlinks created via the same API. This flaw was discovered by @calonso-nv and impacts environments where the \u003ccode\u003egenpolicy\u003c/code\u003e implementation is used to prevent host access to container images, including Confidential Containers workloads which rely on strong isolation. If the guest image is not protected from the host (e.g., when using unprotected host pull), the system is not vulnerable. The affected package is \u003ccode\u003ego/github.com/kata-containers/kata-containers\u003c/code\u003e versions prior to \u003ccode\u003e0.0.0-20260422180503-1b9e49eb2763\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a target file within the guest container image, such as a binary or configuration file they wish to overwrite.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a \u003ccode\u003eCopyFileRequest\u003c/code\u003e to create a symbolic link within the \u003ccode\u003e/run/kata-containers/shared/containers\u003c/code\u003e directory.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003epath\u003c/code\u003e parameter of the request specifies the location of the symlink within the shared directory.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edata\u003c/code\u003e parameter of the request specifies the target of the symbolic link, which points to the target file identified in step 1, inside the guest file system.\u003c/li\u003e\n\u003cli\u003eThe Kata Agent processes the \u003ccode\u003eCopyFileRequest\u003c/code\u003e, creating the symbolic link within the shared directory, pointing to the target file inside the container image.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a second \u003ccode\u003eCopyFileRequest\u003c/code\u003e to copy malicious data into the symlink created in step 5.\u003c/li\u003e\n\u003cli\u003eThe Kata 
Agent writes the malicious data to the symlink, which then overwrites the original target file within the container image.\u003c/li\u003e\n\u003cli\u003eThe attacker restarts the container or waits for the compromised binary to be executed, achieving arbitrary code execution within the guest.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows attackers to overwrite arbitrary files within container images managed by Kata Containers. This can lead to arbitrary code execution within the guest environment, data exfiltration, and privilege escalation. This is particularly critical in Confidential Containers environments where the trust model explicitly forbids host access to container images. Affected systems are those employing the upstream \u003ccode\u003egenpolicy\u003c/code\u003e implementation.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to \u003ccode\u003ego/github.com/kata-containers/kata-containers\u003c/code\u003e version \u003ccode\u003e0.0.0-20260422180503-1b9e49eb2763\u003c/code\u003e or later to address CVE-2026-41326.\u003c/li\u003e\n\u003cli\u003eMonitor the creation of symbolic links within the \u003ccode\u003e/run/kata-containers/shared/containers\u003c/code\u003e directory, using the provided Sigma rule, as this is an unusual operation (file_event).\u003c/li\u003e\n\u003cli\u003eImplement strict access controls and monitoring for the Kata Agent to prevent unauthorized \u003ccode\u003eCopyFileRequest\u003c/code\u003e messages.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-kata-containers-copyfile-symlink/","summary":"An oversight in the CopyFile policy in Kata Containers allows untrusted hosts to write to arbitrary locations inside the guest workload image via symlinks, enabling binary 
overwrites and data exfiltration.","title":"Kata Containers CopyFile Policy Subversion via Symlinks","url":"https://feed.craftedsignal.io/briefs/2024-01-03-kata-containers-copyfile-symlink/"}],"language":"en","title":"CraftedSignal Threat Feed — Kata-Containers","version":"https://jsonfeed.org/version/1.1"}