Improper input validation in Containerd
CVE-2026-53488
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This ma…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
Affected products
- Containerd — versions < 1.7.33, >= 2.0.0, < 2.0.10, >= 2.1.0, < 2.1.9
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)