CVE-2026-30892 — Improper Privilege Management in Project Crun

CWE-269 — Improper Privilege Management CWE-115 — Misinterpretation of Input8 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 98.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Crun Project Crun Containers Crun

Timeline

PublishedMar 26

Latest updateMar 27

Description

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5containers/crun>= 1.19, < 1.27

▶NVDcrun_project/crun1.19 — 1.27

▶Debiancrun_project/crun< 1.27-1

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2026-30892: crun is an open source OCI Container Runtime fully written in C↗2026-03-26

▶

CVEList

Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation↗2026-03-25

▶

📋Vendor Advisories

Red Hat

crun: crun: Privilege escalation due to incorrect parsing of the `--user` option↗2026-03-25

▶

Debian

CVE-2026-30892: crun - crun is an open source OCI Container Runtime fully written in C. In versions 1.1...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-30892 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the `--user` option [fedora-42]↗2026-03-27

▶

Bugzilla

CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the `--user` option↗2026-03-26

▶