Improper input validation in Containerd

CVE-2026-53488

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This ma…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

Affected products

  • Containerd — versions < 1.7.33, >= 2.0.0, < 2.0.10, >= 2.1.0, < 2.1.9

Weakness classification (CWE)

References