{"id":"UBUNTU-CVE-2026-30892","details":"crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the  `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and  GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.","modified":"2026-04-02T17:31:25Z","published":"2026-03-26T00:16:00Z","upstream":["CVE-2026-30892"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-30892"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2026-30892"},{"type":"REPORT","url":"https://github.com/containers/crun/commit/1bd7f42446999b0e76bc3d575392e05c943b0b01"},{"type":"REPORT","url":"https://github.com/containers/crun/releases/tag/1.27"},{"type":"REPORT","url":"https://github.com/containers/crun/security/advisories/GHSA-4vg2-xjqj-7chj"}],"affected":[{"package":{"name":"crun","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/crun@0.12.1+dfsg-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.10.5+dfsg-1","0.10.6+dfsg-1","0.11+dfsg-1","0.12+dfsg-1","0.12.1+dfsg-1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.12.1+dfsg-1","binary_name":"crun"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30892.json"}},{"package":{"name":"crun","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/crun@0.17+dfsg-1.1ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.17+dfsg-1","0.17+dfsg-1.1","0.17+dfsg-1.1ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.17+dfsg-1.1ubuntu0.1","binary_name":"crun"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30892.json"}},{"package":{"name":"crun","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/crun@1.14.1-1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.5-1","1.11-1","1.11.1-1","1.12-1","1.13-1","1.14-1","1.14.1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.14.1-1","binary_name":"crun"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30892.json"}},{"package":{"name":"crun","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/crun@1.21-1ubuntu2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.20-1syncable1","1.21-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.21-1ubuntu2","binary_name":"crun"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-30892.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}