Containers Crun vulnerabilities

CVE-2026-30892 [HIGH] CWE-269 CVE-2026-30892: crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.

CVE-2025-24965 [HIGH] CWE-22 CVE-2025-24965: crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious co crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed i