Main Vulnerability Database SB20260629136

SB20260629136 - Input validation error in Podman

Published: June 29, 2026

Security Bulletin ID SB20260629136

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2026-57231)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper input validation in image config environment variable parsing when processing a malformed container image. A remote attacker can supply a specially crafted image to disclose sensitive information.

Environment variable entries containing only a key and no value, including wildcard forms such as an asterisk, may cause host environment variables from the launch session to be passed into the container.

Remediation

Install update from vendor's website.

SB20260629136 - Input validation error in Podman

Breakdown by Severity

Description

Remediation

References

Please verify you're human