VYPR
Vendor: Kata Containers

Products: 2
CVEs: 12
Across products: 13
Status: Private

Recent CVEs (12)
  • CVE-2026-41326 | High | Apr 24, 2026
    risk 0.46 | cvss 8.2 | epss 0.00

    Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy (and perhaps the CopyFile handler) allows untrusted hosts to write to…

  • CVE-2026-47243 | High | May 27, 2026
    risk 0.39 | cvss not listed | epss 0.00

    Summary: In the runtime-rs standalone virtio-fs path, verified here with QEMU (and verified with Cloud Hypervisor too), Kata Containers runs host `virtiofsd` as root with `--sandbox none --seccomp none`. If an attacker has root-equivalent execution inside the Kata…

  • CVE-2025-58354 | Medium | Sep 23, 2025
    risk 0.38 | cvss not listed | epss 0.00

    Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running…

  • CVE-2026-44210 | May 26, 2026
    risk 0.00 | cvss not listed | epss 0.00

    Summary: Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the `io.katacontainers.config.hypervisor.virtio_fs_extra_args` pod annotation. By injecting `-o source=/` along…

  • CVE-2026-24834 | Feb 19, 2026
    risk 0.00 | cvss not listed | epss 0.00

    Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used…

  • CVE-2026-24054 | Jan 29, 2026
    risk 0.00 | cvss not listed | epss 0.00

    Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an…

  • CVE-2020-27151 | Dec 7, 2020
    risk 0.00 | cvss not listed | epss 0.02

    An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary…

  • CVE-2020-28914 | Nov 17, 2020
    risk 0.00 | cvss not listed | epss 0.00

    An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable…

  • CVE-2020-2023 | Jun 10, 2020
    risk 0.00 | cvss not listed | epss 0.01

    Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata…

  • CVE-2020-2026 | Jun 10, 2020
    risk 0.00 | cvss not listed | epss 0.00

    A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This…

  • CVE-2020-2025 | May 19, 2020
    risk 0.00 | cvss not listed | epss 0.00

    Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all…

  • CVE-2020-2024 | May 19, 2020
    risk 0.00 | cvss not listed | epss 0.00

    An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentially resulting in a host DoS.