CVE Catalog

CVE-2026-46680

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

In containerd prior to versions 1.7.32, 2.0.9, 2.2.4, and 2.3.1, containers with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. This allows bypassing the Kubernetes runAsNonRoot restriction if a crafted image maps this large numeric string to root in /etc/passwd, causing the container to run as root (UID 0).

Risk Assessment

The organization may face violations of Kubernetes security policies, where containers required to run as non-root can be executed with root privileges, leading to unauthorized access and potential privilege escalation within the cluster.

Recommendation

Immediately update containerd to version 1.7.32, 2.0.9, 2.2.4, or 2.3.1 depending on your branch. After updating, verify that all containers comply with the runAsNonRoot policy.

Original NVD description (English source)

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes runAsNonRoot restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user. This issue has been fixed in versions 1.7.32, 2.0.9, 2.2.4 and 2.3.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS