github.com/containers/podman v4 vulnerabilities

12 known vulnerabilities affecting github.com/containers_podman_v4.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 5, LOW 1

Vulnerabilities

CVE-2026-33414 | Severity: MEDIUM | CWE-78 | Affected: ≥ 4.8.0, ≤ 4.9.5 | Date: 2026-04-14 | Sources: GHSA
PowerShell Command Injection in Podman HyperV Machine
Summary: A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing `$()` subexpression injection.
Affected code (file `pkg/machine/hyperv/stubber.go:647`): resize := exec.Command("powershell", []string{ "-command", fmt.Sprin
CVE-2025-9566 | Severity: HIGH | CWE-22 | Affected: ≥ 0, ≤ 4.9.5 | Date: 2025-09-04 | Sources: GHSA, OSV
podman kube play symlink traversal vulnerability
Impact: The podman kube play command can overwrite host files when the kube file contains a ConfigMap or Secret volume mount and the volume already contains a symlink to a host file. This allows a malicious container to write to arbitrary files on the host, but the attacker only controls the target path, not the contents that will be written to the file. The contents a
CVE-2025-6032 | Severity: HIGH | CWE-295 | Affected: ≥ 4.8.0, ≤ 4.9.5 | Date: 2025-06-25 | Sources: GHSA, OSV
Podman Improper Certificate Validation; machine missing TLS verification
Impact: The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry (which it does by default since 5.0.0), allowing a possible Man In The Middle attack.
Patches: https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3 Fixed in v
CVE-2024-9407 | Severity: MEDIUM | CWE-20 | Affected: ≥ 0, < 5.2.4 | Date: 2024-10-01 | Sources: GHSA, OSV
Improper Input Validation in Buildah and Podman
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases,
CVE-2024-3056 | Severity: HIGH | CWE-400 | Affected: ≥ 0, ≤ 5.2.0 | Date: 2024-08-02 | Sources: GHSA, OSV
Podman vulnerable to memory-based denial of service
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's
CVE-2024-1753 | Severity: HIGH | CVSS 8.6 | CWE-269 | Affected: ≥ 0, < 4.9.4 | Date: 2024-03-28 | Sources: GHSA, OSV
Podman affected by CVE-2024-1753 container escape at build time
Impact: Users running containers with root privileges are affected; the flaw allows a container to run with read/write access to the host system files when SELinux is not enabled. With SELinux enabled, some read access is allowed.
Patches: From @nalind. This is a patch for Buildah (https://github.com
CVE-2023-0778 | Severity: MEDIUM | CWE-367 | Affected: ≥ 0, < 4.4.2 | Date: 2023-03-27 | Sources: GHSA, OSV
Podman Time-of-check Time-of-use (TOCTOU) Race Condition
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
CVE-2022-4122 | Severity: MEDIUM | CWE-59 | Affected: ≥ 0, < 4.5.0 | Date: 2022-12-08 | Sources: GHSA, OSV
Buildah (as part of Podman) vulnerable to Link Following
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
CVE-2022-4123 | Severity: LOW | CWE-23 | Affected: ≥ 4.1.0-rc1, ≤ 4.4.1 | Date: 2022-12-08 | Sources: GHSA, OSV
Buildah (as part of Podman) vulnerable to Path Traversal
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
CVE-2022-2989 | Severity: HIGH | CWE-842 | Affected: ≥ 0, < 4.2.0 | Date: 2022-09-14 | Sources: GHSA, OSV
Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification
Incorrect handling of the supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access per
CVE-2019-18466 | Severity: MEDIUM | CWE-59 | Affected: ≥ 0, < 1.6.0 | Date: 2022-05-24 | Sources: GHSA, OSV
Podman Symlink Vulnerability
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
CVE-2022-27649 | Severity: HIGH | CWE-276 | Affected: ≥ 0, < 4.0.3 | Date: 2022-04-01 | Sources: GHSA, OSV
Podman's default inheritable capabilities for linux container not empty
A bug was found in Podman where containers were created with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security s