CRITICAL | CVE-2026-58053 | CNA: VulnCheck

CVE-2026-58053: Gitea act_runner - Container Hardening Bypass via Workflow Container Options

Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-opt unchanged. A user who can run a workflow on a Docker-backed runner can create a job container with host namespaces and broad capabilities and escape to the host as root despite privileged mode being disabled.

Metrics

CVSS v4.0: 9.4
Severity: CRITICAL
Fixed in: none yet (no upstream fix published)
Affected Products: 1


HarborGuard Analysis

Synopsis

A container hardening bypass exists in Gitea act_runner (through act 0.262.0) with the Docker backend. A remote attacker with a low-privilege account who can trigger a workflow can pass arbitrary container options such as --pid=host and --cap-add through the workflow file's container.options string, which act_runner merges into the Docker HostConfig without sanitization. Successful exploitation lets the attacker escape the job container and gain root-level access on the underlying runner host. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment upstream publishes a fix.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle act_runner. Any image found running an affected version of act_runner (at or below 0.262.0) is flagged immediately in the scan results dashboard.

Status: Available
Triage

HarborGuard scores this finding at CVSS 9.4 (Critical) and weights it further against each customer's configured compliance policies before routing the alert to the appropriate team inbox. Per-environment severity context is applied automatically, so security and platform teams receive a prioritized finding without manual re-scoring.

Status: Available
Patch

No upstream fix has been published for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix version is released upstream. For customers with auto-remediation enabled, the rebuilt image will trigger a regression run and open a PR against affected workloads without manual intervention.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker triggers the vulnerability by submitting a crafted workflow over the network to the Gitea instance backing the runner, so the service must be reachable over the network.

  • Authentication: Required

    The attacker must hold at least a low-privilege Gitea account with permission to submit or trigger workflows on a Docker-backed runner.

  • Victim interaction: Not required

    No victim interaction is needed; the attacker submits the malicious workflow file and the runner processes it automatically.

  • Attack complexity: Low

    Exploitation is reliable and condition-free: no race conditions or special environmental layout is required beyond having workflow submission access.

Blast Radius

  • Reads any file on the runner host filesystem, including secrets, tokens, and credentials mounted or stored on the host.
  • Writes to or modifies the runner host filesystem, enabling persistence mechanisms such as backdoors or modified binaries.
  • Crashes or disrupts the runner host process tree by operating within the host PID namespace with root privileges.
  • Pivots laterally to other workloads or infrastructure reachable from the host, since the attacker operates as root outside any container boundary.

How HarborGuard Handles This

Available on HarborGuard: this CVE is flagged on every image found to include act_runner at or below version 0.262.0. Because no upstream fix exists yet, HarborGuard monitors the advisory on each ingest cycle and will surface a patched-image rebuild automatically as soon as the upstream project publishes one. In the meantime, compensating controls worth applying include: restricting which users or repositories can trigger workflows on Docker-backed runners and isolating the runner host with network policy; auditing existing workflow files for container.options usage (in particular --pid, --cap-add and --security-opt); and switching to a non-Docker backend (such as a rootless or VM-based executor) until a hardened release is available. For customers with auto-remediation enabled, the moment a fix version is published, the pipeline will rebuild the image, run regression tests, and open a PR against affected workloads without manual steps.
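The audit of container.options recommended above, and the deny-list style check that the description of the bypass implies act_runner lacks, as an added example written for this page (not act_runner's own code): AuditContainerOptions tokenizes an options string the way a workflow author would write it, accepts both `--flag=value` and `--flag value` forms, and reports any option that joins host namespaces, adds capabilities, relaxes security profiles or enables privileged mode. The deny list and the sample options are constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// deniedFlags lists docker run options that weaken the job container beyond
// what privileged: false is meant to allow. Assumed deny list for this example.
var deniedFlags = map[string]string{
	"--privileged":   "enables privileged mode",
	"--pid":          "joins a PID namespace (e.g. --pid=host)",
	"--ipc":          "joins an IPC namespace",
	"--uts":          "joins a UTS namespace",
	"--userns":       "overrides user namespace remapping",
	"--cgroupns":     "joins a cgroup namespace",
	"--cap-add":      "adds Linux capabilities",
	"--security-opt": "relaxes seccomp/AppArmor/SELinux",
	"--device":       "exposes a host device",
}

// Finding records one rejected option and why it was rejected.
type Finding struct {
	Flag, Value, Reason string
}

// AuditContainerOptions scans a workflow's container.options string and returns
// every option a privileged: false runner should refuse. Empty result = clean.
func AuditContainerOptions(options string) []Finding {
	var findings []Finding
	tokens := strings.Fields(options)
	for i := 0; i < len(tokens); i++ {
		flag, value := tokens[i], ""
		if eq := strings.IndexByte(flag, '='); eq >= 0 {
			flag, value = flag[:eq], flag[eq+1:] // --flag=value form
		} else if i+1 < len(tokens) && !strings.HasPrefix(tokens[i+1], "-") {
			value = tokens[i+1] // --flag value form
			i++
		}
		if reason, denied := deniedFlags[flag]; denied {
			findings = append(findings, Finding{flag, value, reason})
		} else if (flag == "--network" || flag == "--net") && value == "host" {
			// --network is fine for bridge or user networks; only host is rejected.
			findings = append(findings, Finding{flag, value, "joins the host network namespace"})
		}
	}
	return findings
}

func main() {
	// Constructed sample; not copied from any real workflow.
	sample := "--pid=host --cap-add SYS_ADMIN --security-opt seccomp=unconfined --memory 2g"
	for _, f := range AuditContainerOptions(sample) {
		fmt.Printf("reject %s %s: %s\n", f.Flag, f.Value, f.Reason)
	}
}
```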

Affected packages

  • Gitea / act_runner ≤ 0.262.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H