VYPR

apk package

chainguard/rke2-runtime-fips-1.32

pkg:apk/chainguard/rke2-runtime-fips-1.32

Vulnerabilities (25)

  • CVE-2026-27144HigApr 8, 2026
    affected < 1.32.13.2.1-r1fixed 1.32.13.2.1-r1

    The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.

  • CVE-2026-27143CriApr 8, 2026
    affected < 1.32.13.2.1-r1fixed 1.32.13.2.1-r1

    Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.

  • CVE-2026-27140HigApr 8, 2026
    affected < 1.32.13.2.1-r1fixed 1.32.13.2.1-r1

    SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.

  • CVE-2026-33817Apr 6, 2026
    affected < 1.32.13.2.1-r0fixed 1.32.13.2.1-r0

    Rejected reason: CVE confirmed to be a false positive

  • CVE-2025-15558Mar 4, 2026
    affected < 1.32.13.2.2-r0fixed 1.32.13.2.2-r0

    Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are

Page 2 of 2