Description
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
Published: 2026-03-13
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

An integrity flaw (CWE‑276) allows an attacker with command execution capability inside a Multi‑Cloud Object Gateway Core container to modify the /etc/passwd file because it is created group‑writable during image build. By changing the file to add an entry with UID 0, the attacker gains full root privileges within the container.

Affected Systems

The flaw affects Red Hat Openshift Data Foundation 4, specifically the Multi‑Cloud Object Gateway Core images. No specific affected version numbers are listed in the CVE entry.

Risk and Exploitability

The CVSS score of 6.4 denotes moderate severity, and the EPSS score of less than 1% indicates a low likelihood of active exploitation. The vulnerability is not included in the CISA KEV catalog. Exploitation requires that the attacker already have command execution within the container and membership in the root group; the attack vector is therefore local to the container environment, though it may be leveraged to compromise the host or other containers.

Generated by OpenCVE AI on March 18, 2026 at 20:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued patch or update to a version of Multi‑Cloud Object Gateway Core that corrects the /etc/passwd permissions.
  • If a patch is unavailable, rebuild the affected container images ensuring /etc/passwd is not group‑writable (chmod 644).
  • Remove non‑root users from the root group or use a dedicated non‑privileged user for container operations.
  • Deploy containers with the principle of least privilege, denying unnecessary group permissions and disabling root group membership.
  • Regularly audit container filesystems for unexpected permission changes and monitor for unauthorized user additions.

Generated by OpenCVE AI on March 18, 2026 at 20:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Fri, 13 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
Title Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container
First Time appeared Redhat
Redhat openshift Data Foundation
Weaknesses CWE-276
CPEs cpe:/a:redhat:openshift_data_foundation:4
Vendors & Products Redhat
Redhat openshift Data Foundation
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Redhat Openshift Data Foundation
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-18T20:21:35.610Z

Reserved: 2025-08-08T16:07:52.076Z

Link: CVE-2025-8766

cve-icon Vulnrichment

Updated: 2026-03-13T14:13:29.623Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:53:56.157

Modified: 2026-03-16T14:54:11.293

Link: CVE-2025-8766

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-13T02:37:00Z

Links: CVE-2025-8766 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:48Z

Weaknesses