Main Vulnerability Database Vulnerabilities #VU134887

Insufficient verification of data authenticity in containerd - CVE-2026-50195

Published: June 19, 2026

Vulnerability identifier: #VU134887

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-50195

CWE-ID: CWE-345

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: containerd

Affected software:
containerd

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to insufficient verification of data authenticity in the CRI checkpoint import process when processing image references in a checkpoint image's configuration. A local user can create a crafted checkpoint image to poison the local image cache and execute arbitrary code.

Exploitation requires permissions to create pods, and affected pods must later use the poisoned tag with an IfNotPresent or Never pull policy on the same node.

How to mitigate CVE-2026-50195

Install security update from vendor's website.

Sources

https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574

Insufficient verification of data authenticity in containerd - CVE-2026-50195

Detailed vulnerability description

How to mitigate CVE-2026-50195

Sources

Please verify you're human