{"id":"CVE-2026-53489","summary":"containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore","details":"containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.","aliases":["GHSA-rgh6-rfwx-v388","GO-2026-5622"],"modified":"2026-07-08T08:13:44.215859401Z","published":"2026-07-01T18:10:41.802Z","related":["CGA-m8q9-38p9-c4g7","openSUSE-SU-2026:11102-1","openSUSE-SU-2026:21072-1"],"database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-61"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53489.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53489.json"},{"type":"ADVISORY","url":"https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53489"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/containerd/containerd","events":[{"introduced":"061792f0ecf3684fb30a3a0eb006799b8c6638a7"},{"fixed":"926009266892d80087b532f7f17ea14b43c4f23d"},{"introduced":"1c4457e00facac03ce1d75f7b6777a7a851e5c41"},{"fixed":"e53c7c1516c3b2bff98eb76f1f4117477e6f4e66"},{"introduced":"2976f38ccbfcda5ef1364d63d60b0a304e4bf94a"},{"fixed":"fff62f14765df376e5fc36f5a8f8e795b5670f61"}],"database_specific":{"extracted_events":[{"introduced":"2.1.0"},{"fixed":"2.1.9"},{"introduced":"2.2.0"},{"fixed":"2.2.5"},{"introduced":"2.3.0"},{"fixed":"2.3.2"}],"source":"CPE_RANGE","cpe":"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*"}}],"versions":["v2.1.8","v2.3.1","v2.2.4","api/v1.11.1","v2.3.0","v2.1.7","v2.2.3","v2.2.2","v2.2.1","v2.1.6","v2.2.0","v2.1.5","v2.1.4","v2.1.3","v2.1.2","v2.1.1","v2.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53489.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"}]}