Description
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.
Published: 2026-07-01
Score: 9.4 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability originates from missing validation of image-config labels (Dockerfile `LABEL` instructions) in containerd's CRI plugin. Labels from the image configuration are copied onto the container verbatim, so whoever builds the image controls label keys that containerd itself treats as configuration. The advisory names the restart-monitor as the consumer: a label carrying a `binary://` logger URI is treated as a host executable for the runtime to launch, so a crafted image yields arbitrary command execution on the host with containerd's (root) privileges. Note that the CVSS vector rates the attack vector as local (AV:L): the attacker has to get the image pulled and a container created from it on the node, but needs no privileges on the node itself. A compromised node exposes every workload scheduled on it and the node's own credentials, which is how a single image can endanger the whole cluster.

Affected Systems

The product at risk is containerd. Versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 contain the flaw. Any environment running containerd v1.7.32 or earlier, v2.3.1 or earlier, v2.2.4 or earlier, v2.1.8 or earlier, or v2.0.9 or earlier is affected and should be upgraded.

Risk and Exploitability

The CVSS v4.0 score of 9.4 (Critical) reflects a local attack vector with low complexity, no privileges, no user interaction, and high impact on confidentiality, integrity and availability of both the vulnerable system and subsequent systems (the `SC:H/SI:H/SA:H` part of the vector, i.e. the host beyond the container boundary). No EPSS score is available yet and the CVE is not listed in CISA's KEV catalogue. The practical attack surface is nonetheless broad: any principal who can cause a node to pull an attacker-controlled image and start a container from it (a pod spec in Kubernetes, for example) can plant the crafted `LABEL`, and the restart-monitor then executes the referenced binary on the host without further interaction. That is a direct path from the image supply chain to node compromise in orchestrated environments.
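The propagation described in the Impact and Risk sections, beside a hardened merge, in Go, as an added example for this page; it is illustrative code, not containerd's CRI plugin code or its actual patch. It assumes one policy (drop any image-config label under the `containerd.io/` namespace, and let runtime-supplied labels take precedence over image-supplied ones); that policy is an assumption here rather than a description of the upstream fix. The label key used for the restart-monitor's log URI and all sample labels are constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// reservedPrefixes are label namespaces the runtime owns. containerd keeps its
// own labels under "containerd.io/", which is where restart-monitor settings
// live. Assumption for this example: the whole namespace is reserved and image
// configs may never write into it.
var reservedPrefixes = []string{"containerd.io/"}

// ExampleImageLabels are constructed image-config labels, i.e. what a malicious
// Dockerfile's LABEL lines would produce. The restart-monitor key and the
// binary:// path are assumptions for the example; the page does not name them.
var ExampleImageLabels = map[string]string{
	"org.opencontainers.image.title":  "web",
	"org.opencontainers.image.vendor": "example",
	"containerd.io/restart.loguri":    "binary:///tmp/attacker-supplied?arg=x",
	"containerd.io/restart.status":    "running",
}

// ExampleRuntimeLabels are constructed labels the orchestrator (not the image)
// supplies when it creates the container.
var ExampleRuntimeLabels = map[string]string{
	"io.kubernetes.pod.name":          "web-0",
	"org.opencontainers.image.vendor": "cluster-override",
}

// IsBinaryLogURI reports whether a value is a logger URI with the "binary"
// scheme, i.e. one that names a host executable for the runtime to launch.
func IsBinaryLogURI(v string) bool {
	u, err := url.Parse(strings.TrimSpace(v))
	return err == nil && strings.EqualFold(u.Scheme, "binary")
}

// isReserved reports whether a label key falls into a runtime-owned namespace.
func isReserved(key string) bool {
	for _, p := range reservedPrefixes {
		if strings.HasPrefix(key, p) {
			return true
		}
	}
	return false
}

// Dropped records one image-config label that was not propagated and why.
type Dropped struct {
	Key, Value, Reason string
}

// BuildContainerLabels merges image-config labels into the container's label
// set the way a hardened CRI plugin would: image labels in reserved namespaces
// are dropped, and runtime-supplied labels always win over image-supplied ones.
// The vulnerable behaviour is the trivial alternative: copy imageLabels over
// unchanged, which lets the image set restart-monitor configuration.
func BuildContainerLabels(imageLabels, runtimeLabels map[string]string) (map[string]string, []Dropped) {
	out := make(map[string]string, len(imageLabels)+len(runtimeLabels))
	var dropped []Dropped

	keys := make([]string, 0, len(imageLabels))
	for k := range imageLabels {
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic audit output

	for _, k := range keys {
		v := imageLabels[k]
		if isReserved(k) {
			reason := "reserved namespace"
			if IsBinaryLogURI(v) {
				reason += "; value is a binary:// logger URI"
			}
			dropped = append(dropped, Dropped{Key: k, Value: v, Reason: reason})
			continue
		}
		if _, set := runtimeLabels[k]; set {
			dropped = append(dropped, Dropped{Key: k, Value: v, Reason: "overridden by runtime label"})
			continue
		}
		out[k] = v
	}
	for k, v := range runtimeLabels {
		out[k] = v
	}
	return out, dropped
}

func main() {
	out, dropped := BuildContainerLabels(ExampleImageLabels, ExampleRuntimeLabels)
	fmt.Println("propagated:", out)
	for _, d := range dropped {
		fmt.Printf("dropped %s=%q (%s)\n", d.Key, d.Value, d.Reason)
	}
}
```

The `dropped` slice is what a hardened plugin should log: an image-supplied label in the runtime's namespace whose value is a `binary://` URI is precisely the signal a detection rule for this class of issue would alert on.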

Generated by OpenCVE AI on July 1, 2026 at 03:07 UTC.

Remediation

Fixed upstream in containerd 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2 (see Description). No workaround is listed by the vendor.

OpenCVE Recommended Actions

  • Upgrade containerd to a release that contains the label-validation fix: 1.7.33, 2.0.10, 2.1.9, 2.2.5 or 2.3.2, or a later release on the same branch. Distribution packages (see the Ubuntu USNs under Advisories) may carry the fix as a backport under a different package version, so check the distribution advisory rather than the upstream version number alone.
  • If an upgrade cannot be performed immediately and the restart-monitor is not needed, disable it in containerd's configuration; it is an internal containerd plugin and can be listed under `disabled_plugins` in `config.toml`. Because it runs inside the containerd daemon itself, it cannot be de-privileged separately from containerd, so disabling it is the meaningful interim control.
  • Enforce image trust: sign images and have the CRI or admission layer admit only images from vetted sources, so that an attacker cannot get an image with crafted labels pulled onto a node in the first place. This narrows the attack surface but does not remove the flaw; treat it as a compensating control, not a fix.
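A version-triage helper in Go, added here for the upgrade step above; it is not an OpenCVE or containerd tool. It takes the text printed by `containerd --version` (or a bare version string), finds the release branch, and compares it against the fixed releases the Description lists. Two assumptions are built in and commented: branches older than 1.7 are reported as affected because the text says "prior to 1.7.33", and branches newer than 2.3 that the advisory does not mention are reported as unknown rather than guessed. The sample lines in `main` are constructed. Feed it the upstream version string, not the distribution package version: distributions may backport the fix without changing the upstream number, so for Ubuntu the USNs listed under Advisories are authoritative.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Status is the outcome of comparing a containerd version against the fixed
// releases named in the advisory for CVE-2026-53488.
type Status int

const (
	Affected Status = iota
	Fixed
	Unknown
)

var statusNames = [...]string{"AFFECTED", "FIXED", "UNKNOWN"}

func (s Status) String() string { return statusNames[s] }

// fixedPatch maps "major.minor" to the first patch release on that branch that
// carries the fix, taken from the advisory text: 1.7.33, 2.0.10, 2.1.9, 2.2.5, 2.3.2.
var fixedPatch = map[string]int{
	"1.7": 33,
	"2.0": 10,
	"2.1": 9,
	"2.2": 5,
	"2.3": 2,
}

// versionRE pulls a semver-style triple out of a longer string such as the output
// of `containerd --version` ("containerd github.com/containerd/containerd/v2 v2.1.8 <commit>").
// Only -alpha/-beta/-rc suffixes count as pre-releases (assumption: that matches
// containerd's tagging); distro suffixes like "~ds1" are ignored.
var versionRE = regexp.MustCompile(`\bv?(\d+)\.(\d+)\.(\d+)(-(?:alpha|beta|rc)[.0-9]*)?`)

// parse returns major, minor, patch and whether a pre-release suffix is present.
func parse(s string) (major, minor, patch int, prerelease bool, err error) {
	m := versionRE.FindStringSubmatch(s)
	if m == nil {
		return 0, 0, 0, false, errors.New("no version found in: " + strings.TrimSpace(s))
	}
	major, _ = strconv.Atoi(m[1]) // regexp guarantees digits, so Atoi cannot fail here
	minor, _ = strconv.Atoi(m[2])
	patch, _ = strconv.Atoi(m[3])
	return major, minor, patch, m[4] != "", nil
}

// Classify decides whether the containerd version contained in s predates the fix.
func Classify(s string) (Status, error) {
	major, minor, patch, pre, err := parse(s)
	if err != nil {
		return Unknown, err
	}
	// Branches older than 1.7 have no fixed release listed; the advisory says
	// "prior to 1.7.33", which covers them. Assumption: report them as affected.
	if major < 1 || (major == 1 && minor < 7) {
		return Affected, nil
	}
	fixed, ok := fixedPatch[fmt.Sprintf("%d.%d", major, minor)]
	if !ok {
		// A branch the advisory does not mention (e.g. 2.4.x): do not guess.
		return Unknown, nil
	}
	switch {
	case patch < fixed:
		return Affected, nil
	case patch == fixed && pre:
		// A pre-release of the fixed version (e.g. 2.3.2-rc.1) precedes 2.3.2 itself.
		return Affected, nil
	default:
		return Fixed, nil
	}
}

func main() {
	// Constructed sample lines in the shape of `containerd --version` output.
	samples := []string{
		"containerd github.com/containerd/containerd 1.7.32 0123456789abcdef",
		"containerd github.com/containerd/containerd/v2 v2.1.9 0123456789abcdef",
		"containerd github.com/containerd/containerd/v2 v2.3.2-rc.1 0123456789abcdef",
		"containerd github.com/containerd/containerd/v2 v2.4.0 0123456789abcdef",
	}
	for _, s := range samples {
		st, err := Classify(s)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-8s %s\n", st, s)
	}
}
```

On a node, `containerd --version | go run triage.go` style piping is not needed; paste the output into the sample list or wrap `Classify` around `os.Stdin`. The point of the branch map is that "9.4 Critical, upgrade" is only actionable once you know which of the five release lines a node is on.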

Advisories
Source         ID                    Title
GitHub GHSA    GHSA-xhf5-7wjv-pqxp   containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
Ubuntu USN     USN-8471-1            containerd vulnerabilities
Ubuntu USN     USN-8472-1            containerd vulnerabilities
Ubuntu USN     USN-8473-1            containerd vulnerabilities
History

Wed, 01 Jul 2026 01:30:00 +0000

Type         Values Removed   Values Added
Description  -                containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.
Title        -                containerd CRI plugin: — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
Weaknesses   -                CWE-20
References   -                -
Metrics      -                cvssV4_0 {'score': 9.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-01T00:11:20.610Z

Reserved: 2026-06-09T17:05:25.059Z

Link: CVE-2026-53488

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T03:15:15Z

Weaknesses
  • CWE-20: Improper Input Validation