Platform
linux
Component
crun
Fixed in
1.19.1
CVE-2026-30892 describes a privilege escalation vulnerability in crun, an open-source OCI container runtime. The flaw allows a process to be started with elevated privileges because the `-u` / `--user` option of `crun exec` is parsed incorrectly. According to the advisory text, versions 1.19 up to, but not including, 1.27 are affected, and the fix is in version 1.27. Note that the header of this page lists the fix as 1.19.1, which contradicts the advisory text; confirm the exact fixed release against the upstream crun release notes before relying on either number.
The core of the vulnerability is the misinterpretation of the `-u` / `--user` value passed to `crun exec`. When a caller requests UID 1 with this flag, crun instead runs the process as UID 0 and GID 0 (root). This defeats the intended privilege restriction and runs the command as root inside the container. Exploitation requires the ability to invoke `crun exec` in the first place, typically through a container engine or orchestrator on the host, so the practical impact is that a command meant to run as an unprivileged user silently runs as in-container root. From there an attacker could read sensitive data inside the container, modify its configuration, or, depending on the container's isolation settings (user namespaces, capabilities, seccomp, mounts), use in-container root as a stepping stone toward the host. This is particularly concerning in multi-tenant environments where containers share the same host.
CVE-2026-30892 was published on March 25, 2026. Currently there is no public proof-of-concept (PoC) code. The EPSS score is 0.01% (2nd percentile), so the predicted probability of exploitation in the wild is low at present, although this says nothing about the difficulty of exploitation once the flag is reachable. The CVE is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Organizations should monitor security advisories and vulnerability databases for updates.
Exploit status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-30892 is to upgrade to crun 1.27 or later, which fixes the parsing of the `-u` flag. If upgrading is not immediately feasible, treat any `crun exec -u <non-root uid>` on an affected version as if it ran as root: do not rely on the flag to drop privileges, and restrict who and what can invoke `crun exec` with it. Enforce strict container isolation (user namespaces, minimal capabilities, seccomp, read-only mounts) so that in-container root gains as little as possible. Monitor container execution logs for commands that ended up running as UID 0 when a non-root user was requested. A WAF does not help here, since the flaw is in a local runtime command rather than in anything reachable over the network; least-privilege configuration of container users is what reduces the attack surface.
Update crun to version 1.27 or later. That version fixes the incorrect interpretation of the `-u` option in `crun exec` and thereby prevents the privilege escalation. The new version is available from the project's official website or through your system's package manager.
CVE-2026-30892 is a vulnerability in crun versions 1.19 through 1.26 that allows an attacker to obtain elevated privileges by abusing the `-u` flag of `crun exec`. Severity is pending evaluation.
You are affected if you are using crun versions 1.19 through 1.26. Check your installed version with `crun --version`.
Upgrade to crun version 1.27 or later to resolve the vulnerability. If upgrading is not possible, restrict the use of the `-u` flag.
Currently there are no known active exploits and no public proof-of-concept code for CVE-2026-30892.
Refer to the crun project's official website and security advisories for the latest information on CVE-2026-30892.
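The following script is an added example, not code from the crun project or from this advisory. It turns the two checks above into something runnable: it parses the first line of `crun --version` and compares the version against the range the advisory text gives (1.19 <= version < 1.27), and it interprets the result of a live probe. The probe command itself, `crun exec -u 1 <container> id -u`, is an assumption about how one would test the described behaviour (UID 1 requested, UID 0 obtained) against a running container; the container must have an `id` binary, and the caller must already be allowed to run `crun exec`.

```python
"""Check an installed crun against the CVE-2026-30892 version range and
interpret a runtime probe of `crun exec -u`.

Added example; not part of crun or of the advisory. The affected range
(1.19 <= v < 1.27) is taken from the advisory text; the probe command is
an assumption about how to observe the "UID 1 becomes UID 0" behaviour.
"""
import re
import shutil
import subprocess
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

AFFECTED_MIN: Version = (1, 19, 0)  # first affected release (advisory text)
FIXED_IN: Version = (1, 27, 0)      # first fixed release (advisory text)

# `crun --version` prints "crun version X.Y" or "crun version X.Y.Z" on its
# first line, followed by commit/spec/feature lines we do not need.
_VERSION_RE = re.compile(r"crun version (\d+)\.(\d+)(?:\.(\d+))?")


def parse_crun_version(version_output: str) -> Optional[Version]:
    """Extract (major, minor, patch) from `crun --version` output.

    Returns None when the banner is not recognised so callers fail closed
    instead of assuming a safe version.
    """
    match = _VERSION_RE.search(version_output)
    if match is None:
        return None
    major, minor, patch = match.group(1), match.group(2), match.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(version: Version) -> bool:
    """True when the version lies in the advisory's affected range."""
    return AFFECTED_MIN <= version < FIXED_IN


def build_probe_command(container_id: str, uid: int = 1) -> List[str]:
    """argv for the runtime probe (assumed method, see module docstring)."""
    return ["crun", "exec", "-u", str(uid), container_id, "id", "-u"]


def probe_is_vulnerable(requested_uid: int, id_u_output: str) -> bool:
    """Interpret the stdout of `id -u` from the probe.

    A vulnerable crun maps the requested non-root UID to 0, so the process
    reports uid 0 although a non-zero uid was asked for.
    """
    effective_uid = int(id_u_output.strip())
    return requested_uid != 0 and effective_uid == 0


def installed_crun_status() -> str:
    """Run `crun --version` on this host and classify the result."""
    crun = shutil.which("crun")
    if crun is None:
        return "crun not found on PATH"
    proc = subprocess.run([crun, "--version"], capture_output=True,
                          text=True, check=False)
    version = parse_crun_version(proc.stdout)
    if version is None:
        return "could not parse crun --version output"
    label = "AFFECTED (1.19 <= v < 1.27)" if is_affected(version) \
        else "not in the affected range"
    return "crun %s: %s" % (".".join(map(str, version)), label)


if __name__ == "__main__":
    print(installed_crun_status())
    # To probe a running container, run build_probe_command(<id>) and pass
    # its stdout to probe_is_vulnerable(1, stdout).
```

The version check alone is enough for patch tracking; the probe is for the case where a distribution has backported the fix without bumping the version, which the range comparison cannot see.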