CVE-2026-41326HIGH 8.2EPSS p20.7%

CVE-2026-41326CVE-2026-41326

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy (and perhaps the CopyFile handler) allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. This vulnerability is fixed in v3.29.0.

Scoring

CVSS 3.18.2 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS0.29% probability of exploitation · percentile 20.7% · 2026-06-19T12:03:05Z
Published2026-04-24
Last modified2026-05-14

Underlying weaknesses· 1

CWE-61

References

  1. https://github.com/kata-containers/kata-containers/commit/1b9e49eb2763aa6ea6a99b276d3ff5e2c7f658f2
  2. https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc
  3. http://www.openwall.com/lists/oss-security/2026/05/13/2
  4. https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc

1

TypeTargetConfidenceTier
WeaknessUNIX Symbolic Link (Symlink) Followingcwe-610%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-24834
CVE
CVE-2026-24054
CVE
CVE-2026-34078
CVE
CVE-2026-28406
CVE
CVE-2025-14459
CVE
CVE-2026-46703
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.