Update module github.com/containerd/containerd/v2 to v2.2.5 [SECURITY] #492

Open
renovate-rancher[bot] wants to merge 1 commit into main from renovate/go-github.com-containerd-containerd-v2-vulnerability

Conversation

renovate-rancher[bot] (Contributor) commented Jun 21, 2026

This PR contains the following updates:

Package | Change
github.com/containerd/containerd/v2 | v2.2.4 -> v2.2.5

containerd image-triggered runtime DoS via unbounded group parsing

CVE-2026-47262 / GHSA-jpcc-p29g-p8mq / GO-2026-5475


Impact

A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components.

Patches

This bug has been fixed in the following containerd versions:

  • 2.3.2
  • 2.2.5
  • 2.1.9
  • 2.0.10
  • 1.7.33

Users should update to these versions to resolve the issue.

Workarounds

Ensure that only trusted images are used and that only trusted users have permissions to import images or schedule pods.

Credits

The containerd project would like to thank Jakub Ciolek (@jake-ciolek) at AlphaSense and Kyle Elliott at Trail of Bits, who independently discovered and responsibly disclosed this issue in accordance with the containerd security policy.


Severity

  • CVSS Score: 6.9 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


containerd: CRI checkpoint import allows local image tag poisoning

CVE-2026-50195 / GHSA-cvxm-645q-p574 / GO-2026-5338


Impact

containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node's local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker's malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod's identity.

Patches

This bug has been fixed in the following containerd versions:

  • 2.3.2
  • 2.2.5
  • 2.1.9

Users should update to these versions to resolve the issue.

Workarounds

Users should only allow trusted images to be pulled.

Credits

The containerd project would like to thank Henry Beberman (@hbeberman) of Microsoft, the GKE Security Team using Gemini, Anthropic Research, in collaboration with Claude, and Robert Prast (@robertprast), who independently discovered and responsibly disclosed this issue in accordance with the containerd security policy.


Severity

  • CVSS Score: 5.6 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


containerd CRI — image-config LABEL flows to restart-monitor binary:// logger: host-root command execution from an image pull

CVE-2026-53488 / GHSA-xhf5-7wjv-pqxp / GO-2026-5758


Impact

A bug was found in containerd where the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations.

Patches

This bug has been fixed in the following containerd versions:

  • 2.3.2
  • 2.2.5
  • 2.1.9
  • 2.0.10
  • 1.7.33

Users should update to these versions to resolve the issue.

Workarounds

Ensure that only trusted images are used.

Credits

The containerd project would like to thank Anthropic Research, in collaboration with Claude, the GKE Security Team using Gemini, and Robert Prast (@robertprast) for independently discovering and responsibly disclosing this issue in accordance with the containerd security policy.


Severity

  • CVSS Score: 8.7 / 10 (High)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

CVE-2026-53489 / GHSA-rgh6-rfwx-v388 / GO-2026-5622


Impact

A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs.

Patches

This bug has been fixed in the following containerd versions:

  • 2.3.2
  • 2.2.5
  • 2.1.9

Users should update to these versions to resolve the issue.

Workarounds

Ensure that only trusted images and checkpoints are used.

Credits

The containerd project would like to thank @gouldnicholas and @davidrxchester, Yuming Zhang and Song Li of Zhejiang University, Sangwon Ryu (@sangwon090), Henry Beberman (@hbeberman) of Microsoft, the GKE Security Team using Gemini, Anthropic Research, in collaboration with Claude, Robert Prast (@robertprast), Kyle Elliott (@kyle-elliott-tob) of Trail of Bits, and Zhenchen Wang (@Plucky923), who independently discovered and responsibly disclosed this issue in accordance with the containerd security policy.


Severity

  • CVSS Score: 7.1 / 10 (High)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


containerd CRI checkpoint restore CDI annotation smuggling

CVE-2026-53492 / GHSA-33vj-92qq-66hc / GO-2026-5064


Impact

containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod's create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected.

Patches

This bug has been fixed in the following containerd versions:

  • 2.3.2
  • 2.2.5
  • 2.1.9

Users should update to these versions to resolve the issue. Recreating existing containers restored from untrusted checkpoints may be necessary to remove smuggled configuration.

Workarounds

Users can mitigate this issue by restricting the restoration of containers from untrusted checkpoint images. If Container Device Interface (CDI) capabilities are not utilized on the node, removing or temporarily relocating host CDI specifications from the default directories (/etc/cdi and /var/run/cdi) will eliminate the reachability of this vulnerability.

Credits

The containerd project would like to thank Robert Prast (@robertprast) for responsibly disclosing this issue in accordance with the containerd security policy.


Severity

  • CVSS Score: 8.4 / 10 (High)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).



Release Notes

containerd/containerd (github.com/containerd/containerd/v2)

v2.2.5: containerd 2.2.5


Welcome to the v2.2.5 release of containerd!

The fifth patch release for containerd 2.2 contains various fixes
and updates including security patches.

Security Updates

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors
  • Samuel Karp
  • Chris Henzie
  • Akihiro Suda
  • Derek McGowan
  • Maksym Pavlenko
  • Akhil Mohan
  • Ben Cressey
  • Brian Goff
  • Davanum Srinivas
  • Sebastiaan van Stijn
Changes
27 commits

  • Prepare release notes for v2.2.5 (#13628)
    • 269031099 Prepare release notes for v2.2.5
    • ad59aa564 Merge commit from fork
    • 0b4d23690 Merge commit from fork
    • be8460656 cri: filter CDI annotations on checkpoint restore
    • 347240f72 Merge commit from fork
    • cff578841 cri: do not re-tag restored checkpoints
    • 668cf2c2f Merge commit from fork
    • 357652293 cri: make checkpoint restore robust to unexpected archive content
    • d43da05af Merge commit from fork
    • 30708e8d1 Bound user-database file reads in openUserFile
    • 028647ea2 Merge commit from fork
    • b6072a49f Do not propagate reserved labels from image configs
  • vendor: golang.org/x/crypto v0.53.0 (#13607)
    • cfea2c141 [release/2.2] vendor: golang.org/x/crypto v0.53.0
  • update runc binary to v1.3.6 (#13606)
  • update go to 1.26.4/1.25.11 (#13577)
  • Configure udevd children-max for root-test (#13567)
    • 2b7dfbd7f Configure udevd children-max for root-test
  • Clean up disk space in node e2e workflow (#13548)
    • 1500e586f Clean up disk space in node e2e workflow
  • contrib/checkpoint: increase timeouts to 30s (#13460)
    • 9991e944e contrib/checkpoint: increase timeouts to 30s
  • release: don't mark 2.2 releases as latest (#13458)
    • 55a1f85d5 release: don't mark 2.2 releases as latest

Dependency Changes
  • golang.org/x/crypto v0.45.0 -> v0.53.0
  • golang.org/x/mod v0.29.0 -> v0.36.0
  • golang.org/x/net v0.47.0 -> v0.55.0
  • golang.org/x/sync v0.18.0 -> v0.21.0
  • golang.org/x/sys v0.38.0 -> v0.46.0
  • golang.org/x/term v0.37.0 -> v0.44.0
  • golang.org/x/text v0.31.0 -> v0.38.0

Previous release can be found at v2.2.4

Which file should I download?
  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent.

In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.

See also the Getting Started documentation.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate.
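The first advisory in this PR (CVE-2026-47262) describes memory exhaustion when containerd parses a group database shipped in a crafted image; the fix commit is listed above as "Bound user-database file reads in openUserFile". The following Go example is added here and is not containerd's code: it parses /etc/group-formatted data but rejects input over a fixed byte cap before doing any per-entry work. The cap value, the Group type and the function name are assumptions for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
	"strings"
)

// maxUserDBBytes caps how much of a user database file (/etc/passwd or
// /etc/group) taken from an image rootfs we are willing to read. The value
// is an assumption for this example, not containerd's actual limit.
const maxUserDBBytes = 1 << 20 // 1 MiB

// ErrUserDBTooLarge is returned when the file exceeds the cap.
var ErrUserDBTooLarge = errors.New("user database exceeds size limit")

// Group is one parsed /etc/group entry (name:password:gid:member,member).
type Group struct {
	Name    string
	GID     string
	Members []string
}

// ParseGroupBounded parses /etc/group-formatted data from r but reads at
// most limit bytes, so an image cannot make the runtime buffer and parse an
// arbitrarily large group file. The size check happens before any per-entry
// allocation; bufio.Scanner's default 64 KiB token limit additionally turns a
// single absurdly long line into bufio.ErrTooLong instead of a large buffer.
func ParseGroupBounded(r io.Reader, limit int64) ([]Group, error) {
	// Read limit+1 bytes: receiving more than limit proves the input is oversized.
	data, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, fmt.Errorf("%w: more than %d bytes", ErrUserDBTooLarge, limit)
	}
	var groups []Group
	sc := bufio.NewScanner(bytes.NewReader(data))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue // blank lines and comments
		}
		fields := strings.Split(line, ":")
		if len(fields) < 3 {
			return nil, fmt.Errorf("malformed group line: %q", line)
		}
		g := Group{Name: fields[0], GID: fields[2]}
		if len(fields) > 3 && fields[3] != "" {
			g.Members = strings.Split(fields[3], ",")
		}
		groups = append(groups, g)
	}
	return groups, sc.Err()
}

func main() {
	// Constructed sample group file, as an image might ship it.
	sample := "root:x:0:\nwheel:x:10:alice,bob\n"
	groups, err := ParseGroupBounded(strings.NewReader(sample), maxUserDBBytes)
	fmt.Println(groups, err)
	// A constructed oversized group file is rejected before parsing.
	huge := strings.NewReader(strings.Repeat("a", 2<<20))
	_, err = ParseGroupBounded(huge, maxUserDBBytes)
	fmt.Println(err)
}
```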

@renovate-rancher renovate-rancher Bot requested a review from a team as a code owner June 21, 2026 06:15
@renovate-rancher renovate-rancher Bot requested a review from kyledong-suse June 21, 2026 06:15
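CVE-2026-53489 above concerns container.log being restored from a checkpoint without checking for a symlinked path. The Go example below is added here and is not containerd's own code: it opens a log file under a trusted restore root only if no path component below the root is a symlink and the leaf is a regular file. The function and error names are assumptions; it is Linux-oriented because it relies on syscall.O_NOFOLLOW for the final open.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// ErrUnsafeLogPath is returned when the restored log path contains a
// symlink or its target is not a regular file.
var ErrUnsafeLogPath = errors.New("refusing restored log path")

// OpenLogNoFollow opens root/rel for reading only if no component of rel is
// a symlink and the final target is a regular file. root is trusted; every
// component below it came from the checkpoint archive and is not. The
// component-wise Lstat catches symlinked directories, and O_NOFOLLOW on the
// final open removes the race between the last Lstat and the open for the
// leaf (intermediate components are still Lstat-then-use; an openat2 with
// RESOLVE_BENEATH would close that window too).
func OpenLogNoFollow(root, rel string) (*os.File, error) {
	// Clean relative to "/" so ".." cannot climb above root.
	cleanRel := strings.TrimPrefix(filepath.Clean("/"+rel), "/")
	if cleanRel == "" {
		return nil, fmt.Errorf("%w: empty path", ErrUnsafeLogPath)
	}
	cur := root
	for _, part := range strings.Split(cleanRel, string(filepath.Separator)) {
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur) // Lstat reports a symlink instead of following it
		if err != nil {
			return nil, err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return nil, fmt.Errorf("%w: %s is a symlink", ErrUnsafeLogPath, cur)
		}
	}
	f, err := os.OpenFile(cur, os.O_RDONLY|syscall.O_NOFOLLOW, 0)
	if err != nil {
		return nil, err
	}
	fi, err := f.Stat()
	if err != nil || !fi.Mode().IsRegular() {
		f.Close()
		return nil, fmt.Errorf("%w: %s is not a regular file", ErrUnsafeLogPath, cur)
	}
	return f, nil
}

func main() {
	if len(os.Args) != 3 {
		fmt.Println("usage: opennofollow <restore-root> <relative-log-path>")
		return
	}
	f, err := OpenLogNoFollow(os.Args[1], os.Args[2])
	if err != nil {
		fmt.Println("refused:", err)
		return
	}
	defer f.Close()
	fmt.Println("opened", f.Name())
}
```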
renovate-rancher[bot] (Contributor, Author) commented:

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 5 additional dependencies were updated

Details:

Package | Change
golang.org/x/crypto | v0.52.0 -> v0.53.0
golang.org/x/sync | v0.20.0 -> v0.21.0
golang.org/x/sys | v0.45.0 -> v0.46.0
golang.org/x/term | v0.43.0 -> v0.44.0
golang.org/x/text | v0.37.0 -> v0.38.0
