CVE-2026-24054 — Improper Check for Unusual or Exceptional Conditions in Kata-containers

CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-1287 — Improper Validation of Specified Type of Input3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 73.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kata-containers Katacontainers Kata Containers

Timeline

PublishedJan 29

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter directory for the container rootfs. When the Kata runtime attempts to mount the container rootfs, the bind mount causes the rootfs to be detected as a block device, leading to the underlying device being …

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

Affected Packages2 packages

▶NVDkatacontainers/kata_containers< 3.26.0

▶CVEListV5kata-containers/kata-containers< 3.26.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

📋Vendor Advisories

Red Hat

kata-containers: Kata Containers: Denial of Service and filesystem errors due to malformed container image processing↗2026-01-29

▶

🕵️Threat Intelligence

Wiz

CVE-2026-24054 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶