High severity8.2NVD Advisory· Published Apr 24, 2026· Updated May 14, 2026
CVE-2026-41326
CVE-2026-41326
Description
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy (and perhaps the CopyFile handler) allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. This vulnerability is fixed in v3.29.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/kata-containers/kata-containersGo | < 0.0.0-20260422180503-1b9e49eb2763 | 0.0.0-20260422180503-1b9e49eb2763 |
Affected products
3- cpe:2.3:a:katacontainers:confidential_containers:*:*:*:*:*:*:*:*Range: >=0.9.0,<0.20.0
- cpe:2.3:a:katacontainers:kata_containers:*:*:*:*:*:*:*:*Range: >=3.4.0,<3.29.0
- ghsa-coordsRange: < 0.0.0-20260422180503-1b9e49eb2763
Patches
Vulnerability mechanics
References
5- github.com/kata-containers/kata-containers/commit/1b9e49eb2763aa6ea6a99b276d3ff5e2c7f658f2nvdPatchWEB
- www.openwall.com/lists/oss-security/2026/05/13/2nvdThird Party AdvisoryMailing ListWEB
- github.com/advisories/GHSA-q49m-57vm-c8ccghsaADVISORY
- github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8ccnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-41326ghsaADVISORY
News mentions
0No linked articles in our index yet.