HarborGuard Database
CVE-2026-53488 · Severity: CRITICAL · CNA: GitHub_M

CVE-2026-53488: containerd CRI plugin: image-config `LABEL` flows to the restart-monitor `binary://` logger, giving host-root command execution from an image pull

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.

Metrics

CVSS v4.0: 9.4
Severity: CRITICAL
Fixed in: 1.7.33, 2.0.10, 2.1.9, 2.2.5, 2.3.2
Affected products: 1


HarborGuard Analysis

Synopsis

This is an arbitrary command execution vulnerability in containerd's CRI plugin affecting versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5, and 2.3.2. The CRI plugin copies LABEL directives from an image's config into the container's labels without validation; a downstream plugin that reads container labels (the restart monitor, which accepts a `binary://` logger URI) then treats an attacker-chosen label value as a host binary to execute. Exploitation requires no network access to the node, no credentials, and no user interaction: an attacker who can influence which image is pulled, by publishing or tampering with an image the node will run, gets command execution on the container host with containerd's privileges, which on a typical node means root. Upstream has published fixed releases; upgrading containerd to the listed versions is the remediation. HarborGuard tracks this advisory and makes a patched-image rebuild available for images that bundle an affected containerd.

HarborGuard Coverage

Detection

Detection of CVE-2026-53488 is available in every HarborGuard environment: the CVE is ingested from upstream advisory feeds shortly after publication and matched against the container images in customer registries and CI pipelines, including internally built images that carry unsanctioned LABEL directives.

Status: Available
Triage

HarborGuard scores this CVE at CVSS 9.4 (Critical) and surfaces it accordingly; per-environment compliance-policy weighting then routes the finding to the correct team inbox in each customer organization based on its configured severity thresholds.

Status: Available
Patch

Upstream has published fix versions (1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, per the advisory). HarborGuard re-examines the advisory on every ingest cycle so that any further fix versions are picked up, and makes a patched-image rebuild available for images that bundle an affected containerd. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads are triggered without manual intervention. Note that containerd is usually installed on the node itself rather than shipped inside an image; those installations are remediated by upgrading the node's containerd package, not by an image rebuild.

Status: Available

Exploit Conditions

  • Network reachability: Not required

    The attack vector is local (AV:L): the payload is an image that the node itself pulls and runs, so no network-exposed service on the host is attacked. The attacker does not need a shell or process on the host, only a way to get the crafted image pulled there.

  • Authentication: Not required

    No privileges are required (PR:N); the attacker only needs to influence which image is pulled, without holding any account credentials on the target system.

  • Victim interaction: Not required

    No user interaction is required (UI:N); the malicious label is processed automatically when the image is pulled and a container is created from it.

  • Attack complexity: Low

    Attack complexity is low (AC:L); the exploit is reliable and needs no special timing or race conditions. The only environmental prerequisite is that the node runs an affected containerd with a label-consuming plugin such as the restart monitor active, and that it pulls the crafted image.

Blast Radius

  • A successful attacker executes arbitrary commands on the container host as the containerd daemon, which runs as root on a typical node, bypassing container isolation entirely.
  • Host filesystem reads allow the attacker to access sensitive files including credentials, keys, and runtime secrets stored on the node.
  • Host filesystem writes allow the attacker to modify or implant files, including runtime binaries, configuration files, and persistent workload data.
  • Disruption of the containerd daemon or co-located workloads is possible, crashing running containers or preventing new containers from starting on the affected node.

How HarborGuard Handles This

Available on HarborGuard: upstream fix versions are published, so the primary remediation is to upgrade containerd on every node to 1.7.33, 2.0.10, 2.1.9, 2.2.5 or 2.3.2. HarborGuard monitors the containerd advisory on every ingest cycle and surfaces a patched-image rebuild for images that bundle an affected containerd. For nodes not yet upgraded, customers can apply compensating controls through HarborGuard policy: network-policy isolation to restrict which registries nodes are permitted to pull from, admission rules that flag or block images carrying unrecognized or unsanctioned LABEL keys, and egress filtering to limit what a process spawned by the host-side plugin can reach. Where compliance policy permits, customers with auto-remediation enabled receive a rebuilt image, a regression-test run, and a PR opened against affected workloads automatically, with no manual steps required.
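One way to implement the label admission check described above, written as an added example for this page (it is not HarborGuard's or containerd's code). It parses an OCI image config blob, the JSON that `crane config <ref>` prints or that a registry returns, and flags any label whose key sits in a namespace that containerd plugins read, or whose value is a `binary://` logger URI. The reserved prefixes (`containerd.io/`, `io.containerd.`) are a policy assumption for the example, and the sample config, including its made-up key `containerd.io/sample.loguri`, is constructed for the demonstration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// imageConfig is the slice of an OCI image config we care about: the
// config.Labels map, which is where Dockerfile LABEL instructions land.
type imageConfig struct {
	Config struct {
		Labels map[string]string `json:"Labels"`
	} `json:"config"`
}

// Finding is one label the policy rejects, with the reason.
type Finding struct {
	Key    string
	Value  string
	Reason string
}

// reservedPrefixes are label namespaces consumed by containerd and its
// plugins for their own configuration (policy assumption for this example;
// extend with any prefix your plugins read). An image has no legitimate
// reason to set these. A strict allow-list of sanctioned keys is tighter.
var reservedPrefixes = []string{"containerd.io/", "io.containerd."}

// ScanLabels flags labels that should not flow from an image config into a
// container: keys in reserved plugin namespaces, and values that parse as a
// binary:// URI, the logger scheme that makes containerd spawn a host process.
func ScanLabels(labels map[string]string) []Finding {
	var out []Finding
	for k, v := range labels {
		for _, p := range reservedPrefixes {
			if strings.HasPrefix(k, p) {
				out = append(out, Finding{k, v, "key in reserved plugin namespace " + p})
			}
		}
		if u, err := url.Parse(strings.TrimSpace(v)); err == nil && strings.EqualFold(u.Scheme, "binary") {
			out = append(out, Finding{k, v, "value is a binary:// log URI (spawns a host process)"})
		}
	}
	// Map iteration order is random; sort so reports are stable.
	sort.Slice(out, func(i, j int) bool {
		if out[i].Key != out[j].Key {
			return out[i].Key < out[j].Key
		}
		return out[i].Reason < out[j].Reason
	})
	return out
}

// ScanImageConfig parses a raw OCI image config blob and scans its labels.
func ScanImageConfig(raw []byte) ([]Finding, error) {
	var cfg imageConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parse image config: %w", err)
	}
	return ScanLabels(cfg.Config.Labels), nil
}

// Constructed sample config for the demonstration (not a real image). The
// second label uses a made-up key under the reserved namespace to stand in
// for any key a host-side plugin would read.
const sampleConfig = `{
  "architecture": "amd64",
  "os": "linux",
  "config": {
    "Labels": {
      "org.opencontainers.image.source": "https://example.invalid/app",
      "containerd.io/sample.loguri": "binary:///usr/bin/true?arg=x"
    }
  }
}`

func main() {
	findings, err := ScanImageConfig([]byte(sampleConfig))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("DENY %s=%q: %s\n", f.Key, f.Value, f.Reason)
	}
	if len(findings) == 0 {
		fmt.Println("ALLOW: no label policy findings")
	}
}
```

Running it against the sample prints two DENY lines for the reserved-namespace key (one for the namespace, one for the `binary://` value) and nothing for the harmless `org.opencontainers.image.source` label. In a CI gate or admission webhook, any finding should fail the image; the namespace check catches the class of issue even when the value is not a `binary://` URI.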

Affected packages
  • containerd / containerd
    < 1.7.33 · >= 2.0.0, < 2.0.10 · >= 2.1.0, < 2.1.9 · >= 2.2.0, < 2.2.5 · >= 2.3.0, < 2.3.2
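An added example (not from the advisory or the containerd project) that turns the ranges above into a check you can run against the version string a node reports. The `containerd --version` line format ("containerd <module path> <version> <commit>") is assumed from current releases, and the two sample lines are constructed, not captured from real hosts.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// version is a parsed major.minor.patch triple.
type version struct{ major, minor, patch int }

// parseVersion accepts "1.7.32", "v2.1.3" or "v2.1.3-rc.1+build" and keeps the
// numeric triple; pre-release and build metadata are ignored here.
func parseVersion(s string) (version, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return version{}, fmt.Errorf("not a major.minor.patch version: %q", s)
	}
	var n [3]int
	for i, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || v < 0 {
			return version{}, fmt.Errorf("bad component %q in %q", p, s)
		}
		n[i] = v
	}
	return version{n[0], n[1], n[2]}, nil
}

// less is lexicographic comparison on the triple.
func (a version) less(b version) bool {
	if a.major != b.major {
		return a.major < b.major
	}
	if a.minor != b.minor {
		return a.minor < b.minor
	}
	return a.patch < b.patch
}

// fixedPerBranch lists the first fixed release on each branch named in the
// advisory. Everything below 1.7.33 on the 1.x line is affected; on the 2.x
// line the branch is selected by minor version.
var fixedPerBranch = map[string]version{
	"1.x": {1, 7, 33},
	"2.0": {2, 0, 10},
	"2.1": {2, 1, 9},
	"2.2": {2, 2, 5},
	"2.3": {2, 3, 2},
}

// IsAffected reports whether a containerd release falls inside one of the
// advisory's affected ranges. Branches the advisory does not list (2.4 and
// later, or any later major) are outside the published ranges and reported
// as not affected.
func IsAffected(release string) (bool, error) {
	v, err := parseVersion(release)
	if err != nil {
		return false, err
	}
	switch {
	case v.major < 2:
		return v.less(fixedPerBranch["1.x"]), nil
	case v.major == 2:
		fix, ok := fixedPerBranch[fmt.Sprintf("2.%d", v.minor)]
		return ok && v.less(fix), nil
	default:
		return false, nil
	}
}

// ReleaseFromCLI extracts the version field from the line that
// `containerd --version` prints (format assumed; adjust the field index if
// your build prints something different).
func ReleaseFromCLI(line string) (string, error) {
	fields := strings.Fields(line)
	if len(fields) < 3 || fields[0] != "containerd" {
		return "", fmt.Errorf("unrecognised --version output: %q", line)
	}
	return fields[2], nil
}

func main() {
	// Constructed sample output for two nodes.
	samples := []string{
		"containerd github.com/containerd/containerd v1.7.32 abcdef0123456789",
		"containerd github.com/containerd/containerd/v2 v2.1.9 0123456789abcdef",
	}
	for _, line := range samples {
		rel, err := ReleaseFromCLI(line)
		if err != nil {
			fmt.Println("skip:", err)
			continue
		}
		affected, err := IsAffected(rel)
		if err != nil {
			fmt.Println("skip:", err)
			continue
		}
		fmt.Printf("%s affected=%v\n", rel, affected)
	}
}
```

Feed it the output of `containerd --version` from each node (for example over SSH in a fleet loop); the first sample line reports affected, the second does not, since 2.1.9 is the first fixed release on the 2.1 branch.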
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H