CVE-2026-53492
Published:June 18, 2026
Updated:June 20, 2026
Impact containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod's create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. Patches This bug has been fixed in the following containerd versions: * 2.3.2 * 2.2.5 * 2.1.9 Users should update to these versions to resolve the issue. Recreating existing containers restored from untrusted checkpoints may be necessary to remove smuggled configuration. Workarounds Users can mitigate this issue by restricting the restoration of containers from untrusted checkpoint images. If Container Device Interface (CDI) capabilities are not utilized on the node, removing or temporarily relocating host CDI specifications from the default directories ("/etc/cdi" and "/var/run/cdi") will eliminate the reachability of this vulnerability. Credits The containerd project would like to thank Robert Prast (@robertprast) for responsibly disclosing this issue in accordance with the "containerd security policy" (https://github.com/containerd/project/blob/main/SECURITY.md). For more information If you have any questions or comments about this advisory: * Open an issue in "containerd" (https://github.com/containerd/containerd/issues/new/choose) * Email us at "security@containerd.io" (mailto:security@containerd.io) To report a security issue in containerd: * "Report a new vulnerability" (https://github.com/containerd/containerd/security/advisories/new) * Email us at "security@containerd.io" (mailto:security@containerd.io)
Affected Packages
https://github.com/containerd/containerd.git (GITHUB):
Affected version(s) >=v2.1.0 <v2.1.9Fix Suggestion:
Update to version v2.1.9https://github.com/containerd/containerd.git (GITHUB):
Affected version(s) >=v2.2.0 <v2.2.5Fix Suggestion:
Update to version v2.2.5https://github.com/containerd/containerd.git (GITHUB):
Affected version(s) >=v2.3.0 <v2.3.2Fix Suggestion:
Update to version v2.3.2github.com/containerd/containerd/v2 (GO):
Affected version(s) >=v2.1.0 <v2.1.9Fix Suggestion:
Update to version v2.1.9github.com/containerd/containerd/v2 (GO):
Affected version(s) >=v2.3.0 <v2.3.2Fix Suggestion:
Update to version v2.3.2github.com/containerd/containerd/v2 (GO):
Affected version(s) >=v2.2.0 <v2.2.5Fix Suggestion:
Update to version v2.2.5github.com/containerd/containerd/v2 (GO):
Affected version(s) =v2.3.0 <v2.3.2Fix Suggestion:
Update to version v2.3.2Related Resources (3)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.4
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE