Msrc Cbl2 Kata-Containers-Cc 3.2.0.Azl2-8 On Cbl Mariner 2.0 vulnerabilities
6 known vulnerabilities affecting msrc/cbl2_kata-containers-cc_3.2.0.azl2-8_on_cbl_mariner_2.0.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM4LOW1
Vulnerabilities
Page 1 of 1
CVE-2026-33055MEDIUMCVSS 5.12026-03-10
CVE-2026-33055 [MEDIUM] CWE-843 tar-rs incorrectly ignores PAX size headers if header size is nonzero
tar-rs incorrectly ignores PAX size headers if header size is nonzero
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
msrc
CVE-2026-33056MEDIUMCVSS 5.12026-03-10
CVE-2026-33056 [MEDIUM] CWE-61 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
msrc
CVE-2026-24834CRITICALCVSS 9.32026-02-10
CVE-2026-24834 [CRITICAL] CWE-732 Kata Container to Guest micro VM privilege escalation
Kata Container to Guest micro VM privilege escalation
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
msrc
CVE-2025-58354MEDIUMCVSS 6.92025-09-09
CVE-2025-58354 [MEDIUM] CWE-754 Kata Containers coco-tdx malicious host can circumvent initdata verification
Kata Containers coco-tdx malicious host can circumvent initdata verification
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio
msrc
CVE-2025-53605MEDIUMCVSS 5.92025-07-08
CVE-2025-53605 [MEDIUM] CWE-674 The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefor
msrc
CVE-2024-58266LOWCVSS 3.22025-07-08
CVE-2024-58266 [LOW] CWE-116 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to
msrc