Browse all 4 CVE security advisories affecting kata-containers. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kata-containers provides secure container runtime isolation through lightweight virtual machines, addressing the core use case of hardened container deployment with reduced attack surface. Historically, vulnerabilities have included remote code execution, privilege escalation, and container breakout flaws, with four CVEs currently documented. The project emphasizes security by design with hardware virtualization-based isolation, though past incidents have exposed flaws in escape mechanisms and improper resource handling. While no major public security incidents have been widely reported, the CVE record indicates ongoing challenges in maintaining isolation integrity between containers and host systems, particularly in multi-tenant environments where containment is critical.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41326 | Kata Containers: CopyFile Policy Subversion via Symlinks — kata-containers (CWE-61) | 8.4 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-24834 | Kata Container to Guest micro VM privilege escalation — kata-containers (CWE-732) | 9.4 | Critical | 2026-02-19 |
| CVE-2026-24054 | Kata Containers Runtime: Host block device can be hotplugged to the VM if the container image is malformed or contains no layers — kata-containers (CWE-754) | 3.8 | - | 2026-01-29 |
| CVE-2025-58354 | Kata Containers coco-tdx malicious host can circumvent initdata verification — kata-containers (CWE-754) | 8.8 (AI) | High (AI) | 2025-09-23 |

This page lists every published CVE security advisory associated with kata-containers. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.