Unrated severityOSV Advisory· Published Jan 28, 2026· Updated Jan 28, 2026

Podman Desktop Extension System Vulnerable to Authentication Bypass

CVE-2026-24835

Description

Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The isAccessAllowed() function unconditionally returns true, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop. Version 1.25.1 contains a patch for the issue.

Affected products

Podman Desktop/Podman DesktopOSV
Range: v1.25.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/viewmitrex_refsource_MISC
github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9mmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000