SB2026052272 - Multiple vulnerabilities in Kata Containers

Published: May 22, 2026

Security Bulletin ID: SB2026052272
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High 50%, Low 50%

Description

This security bulletin contains information about 2 vulnerabilities.


1) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2025-58354)

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to launch arbitrary workloads while attesting successfully as a benign workload.

The vulnerability exists due to an improper check for unusual or exceptional conditions in the Kata agent's presence check for the attestation agent, which mishandles I/O errors raised during rootfs access. A remote privileged user can selectively fail I/O operations so that the check skips initdata verification, and then launch arbitrary workloads while attesting successfully as a benign workload.

The issue applies only to CoCo variants using rootfs and dm-verity, and does not affect cases where guest component binaries are stored in the initrd.
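The failure mode in this entry is a presence check that collapses an I/O error into "not present", so that whoever can induce the error also chooses the outcome. The Rust snippet below is an added illustration of that pattern next to its fail-closed counterpart; it is not Kata's agent code, and the probed path, the `Decision` type and the function names are assumptions made for the example. In Rust, `Path::exists()` returns `false` whenever the metadata cannot be read, so a check built on it behaves like the fail-open variant; `Path::try_exists()` reports the error instead and lets the caller refuse to proceed.

```rust
use std::io;
use std::path::Path;

/// What the boot path should do after probing for the guest component.
/// (Hypothetical type for this example, not a Kata agent type.)
#[derive(Debug, PartialEq)]
pub enum Decision {
    /// The component is present: initdata must be verified before any workload runs.
    VerifyInitdata,
    /// The component is definitively absent (for example, a variant that ships it in the initrd).
    SkipVerification,
    /// The probe itself failed: refuse to guess, stop the boot.
    Abort(String),
}

/// Fail-open variant: every error is folded into "absent", which is exactly
/// what `Path::exists()` does. An induced I/O error therefore skips verification.
pub fn presence_check_fail_open(probe: impl Fn(&Path) -> io::Result<bool>, path: &Path) -> Decision {
    if probe(path).unwrap_or(false) {
        Decision::VerifyInitdata
    } else {
        Decision::SkipVerification
    }
}

/// Fail-closed variant: only a successful probe may skip verification; an error
/// of any kind aborts, because an attacker who controls the error controls the outcome.
pub fn presence_check_fail_closed(probe: impl Fn(&Path) -> io::Result<bool>, path: &Path) -> Decision {
    match probe(path) {
        Ok(true) => Decision::VerifyInitdata,
        Ok(false) => Decision::SkipVerification,
        Err(e) => Decision::Abort(format!("cannot probe {}: {}", path.display(), e)),
    }
}

/// Real filesystem probe: `try_exists` maps a plain ENOENT to `Ok(false)` and
/// surfaces every other failure (EACCES, EIO, ...) as `Err`, unlike `exists()`.
pub fn fs_probe(path: &Path) -> io::Result<bool> {
    path.try_exists()
}

fn main() {
    // Hypothetical location of the guest attestation component (not a Kata path).
    let aa = Path::new("/opt/guest/attestation-agent");
    println!("fail-open:   {:?}", presence_check_fail_open(fs_probe, aa));
    println!("fail-closed: {:?}", presence_check_fail_closed(fs_probe, aa));

    // Simulate the condition the bulletin describes: the probe cannot complete.
    let injected = |_: &Path| -> io::Result<bool> {
        Err(io::Error::new(io::ErrorKind::Other, "injected I/O error"))
    };
    println!("fail-open under I/O error:   {:?}", presence_check_fail_open(injected, aa));
    println!("fail-closed under I/O error: {:?}", presence_check_fail_closed(injected, aa));
}
```

The point of the comparison is the `Err` arm: a dm-verity rootfs that cannot be read is an integrity signal, not a missing file, and the only safe reaction is to stop rather than to continue with weaker checks.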


2) Improper access control (CVE-ID: CVE-2026-41326)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to overwrite files inside the guest workload image and disclose sensitive information from containers.

The vulnerability exists due to improper access control in the CopyFile policy and CopyFile handler when processing crafted CopyFile requests involving symlinks. A remote attacker can first create a symlink from the shared directory to an arbitrary path and then send a second crafted CopyFile request that follows it, overwriting files inside the guest workload image and disclosing sensitive information from containers.

The issue affects deployments using the upstream genpolicy implementation and is relevant to Confidential Containers workloads whose trust model forbids host access to container images.
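The second entry is a symlink-following defect in a handler that writes into a directory shared with the host. The Rust function below is an added example of a destination check for such a handler: it refuses the request when the path tries to leave the shared directory lexically, when any existing component under the shared directory is a symlink, or when the filesystem cannot be inspected (fail-closed, as in the first entry). It is not the Kata agent's CopyFile handler and not genpolicy; `validate_copy_dest`, its `root`/`rel` arguments and the directory layout built in `main` are assumptions for the example.

```rust
use std::fs;
use std::io;
use std::path::{Component, Path, PathBuf};

/// Validate a CopyFile-style destination. `rel` is the path the request names,
/// relative to the shared directory `root`. Returns the full path to write to,
/// or a reason the request must be refused. (Hypothetical helper for this example.)
pub fn validate_copy_dest(root: &Path, rel: &str) -> Result<PathBuf, String> {
    // 1. Lexical check: only plain segments are allowed; no "..", no absolute paths.
    let mut dest = root.to_path_buf();
    for comp in Path::new(rel).components() {
        match comp {
            Component::Normal(seg) => dest.push(seg),
            Component::CurDir => {}
            other => return Err(format!("refusing path component {:?} in {:?}", other, rel)),
        }
    }
    if dest == root {
        return Err("destination must name a file inside the shared directory".to_string());
    }

    // 2. Physical check: walk every component below root and refuse symlinks anywhere
    //    on the way, so a link planted by an earlier request cannot redirect this write.
    let mut cursor = root.to_path_buf();
    let below_root = dest.strip_prefix(root).map_err(|e| e.to_string())?;
    for seg in below_root.components() {
        cursor.push(seg);
        match fs::symlink_metadata(&cursor) {
            Ok(meta) if meta.file_type().is_symlink() => {
                return Err(format!("refusing to follow symlink at {}", cursor.display()));
            }
            Ok(meta) if !meta.is_dir() && cursor != dest => {
                return Err(format!("{} is not a directory", cursor.display()));
            }
            Ok(_) => {}
            // Not yet present: the handler will create it inside root.
            Err(e) if e.kind() == io::ErrorKind::NotFound => {}
            // Any other failure: fail closed rather than guess.
            Err(e) => return Err(format!("cannot inspect {}: {}", cursor.display(), e)),
        }
    }
    Ok(dest)
}

fn main() -> io::Result<()> {
    // Constructed layout under a temporary directory (not a real shared directory).
    let root = std::env::temp_dir().join(format!("copyfile-demo-{}", std::process::id()));
    fs::create_dir_all(root.join("ok"))?;
    // "escape" is the kind of link the bulletin describes: it points outside root.
    std::os::unix::fs::symlink(std::env::temp_dir(), root.join("escape"))?;
    for rel in ["ok/file.txt", "escape/file.txt", "../file.txt", "/etc/hostname"] {
        println!("{:<18} -> {:?}", rel, validate_copy_dest(&root, rel));
    }
    fs::remove_dir_all(&root)
}
```

A check-then-write sequence is still a race on a shared directory, so the handler should additionally open the final path with `O_NOFOLLOW` (or resolve it with an `openat`-style walk) so that the kernel enforces the same rule at open time; the function above documents the policy, the open flags enforce it.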


Remediation

Install the update from the vendor's website.