Exposure of Resource to Wrong Sphere in Kata Containers - CVE-2026-24054

 


Published: May 22, 2026


Vulnerability identifier: #VU132134
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-24054
CWE-ID: CWE-668
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Kata Containers
Affected software:
Kata Containers

Detailed vulnerability description

The vulnerability allows a remote user to cause a denial of service on the host system.

The vulnerability exists due to improper device handling in container rootfs mounting logic when processing a malformed container image or an image with no layers. A remote user can start a container with a malformed image or an image that contains no layers to cause a denial of service on the host system.

This affects deployments using the default overlayfs containerd snapshotter with the Kata runtime class, and may cause the host disk to be remounted as read-only.


How to mitigate CVE-2026-24054

Install the security update from the vendor's website.
