CVE-2026-24835
Published: 28 January 2026
Summary
CVE-2026-24835 is a high-severity Improper Authorization (CWE-285) vulnerability in Linuxfoundation Podman Desktop. Its CVSS base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Steal Application Access Token (T1528). The CVE ranks at the 18.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
Podman Desktop, a graphical tool for developing on containers and Kubernetes, contains an authentication bypass vulnerability, tracked as CVE-2026-24835, in versions prior to 1.25.1. The root cause is that the `isAccessAllowed()` function unconditionally returns `true`, so every installed extension passes the permission check and can reach all authentication sessions held by the application. The flaw is classified as CWE-285 (Improper Authorization) and is fixed in release 1.25.1. The CVSS v3.1 vector given for it is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, which computes to a base score of 7.1; the 8.8 figure in the summary above is therefore from a different scoring than this vector.
A local attacker with low privileges exploits the flaw by installing a malicious extension; the vector rates attack complexity as low and user interaction as none. Once loaded, the extension can enumerate and reuse any authentication session, impersonate the corresponding user, and reach the resources those sessions protect. Confidentiality and integrity are both rated high, while availability is unaffected.
Podman Desktop 1.25.1 patches the vulnerability. Further details are in the GitHub security advisory at https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9m and in a supplementary document at https://drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/view?usp=sharing.
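The following is an added example, not Podman Desktop's own code or its fix: it models the always-true `isAccessAllowed()` described above next to a deny-by-default replacement, and shows which session tokens an extension can read under each. `AuthSession`, `SessionRegistry`, the `allowedExtensions` field and the parameter list of the check are assumptions for illustration, not the project's API; the sessions and tokens are constructed sample data.

```typescript
// Added example (not Podman Desktop's code). Models the advisory's
// unconditional isAccessAllowed() beside a deny-by-default version.
// Types, field names and the check's signature are assumptions.

interface AuthSession {
  id: string;
  accountLabel: string;
  accessToken: string;            // the secret a malicious extension is after
  allowedExtensions: Set<string>; // extension ids the user approved (assumed field)
}

type AccessCheck = (session: AuthSession, extensionId: string) => boolean;

// Vulnerable behaviour described on this page: the permission check is a no-op.
const isAccessAllowedVulnerable: AccessCheck = (_session, _extensionId) => true;

// Hardened behaviour: deny unless the user explicitly approved this extension
// for this particular session (enforcement per AC-3, scoped per AC-6).
const isAccessAllowedFixed: AccessCheck = (session, extensionId) =>
  session.allowedExtensions.has(extensionId);

class SessionRegistry {
  private readonly sessions = new Map<string, AuthSession>();
  private readonly isAccessAllowed: AccessCheck;

  constructor(isAccessAllowed: AccessCheck) {
    this.isAccessAllowed = isAccessAllowed;
  }

  add(session: AuthSession): void {
    this.sessions.set(session.id, session);
  }

  // Record user approval of one extension for one session.
  grant(sessionId: string, extensionId: string): void {
    const session = this.sessions.get(sessionId);
    if (!session) throw new Error(`unknown session ${sessionId}`);
    session.allowedExtensions.add(extensionId);
  }

  // Entry point an extension would call. Sessions that fail the check are
  // filtered out entirely, so their tokens never reach the extension.
  getSessions(extensionId: string): AuthSession[] {
    return Array.from(this.sessions.values()).filter((s) => this.isAccessAllowed(s, extensionId));
  }
}

// Constructed sample data (not real credentials).
function buildRegistry(check: AccessCheck): SessionRegistry {
  const registry = new SessionRegistry(check);
  registry.add({
    id: 'session-1',
    accountLabel: 'alice@example.test',
    accessToken: 'constructed-token-alice',
    allowedExtensions: new Set(['trusted.extension']),
  });
  registry.add({
    id: 'session-2',
    accountLabel: 'registry-bot@example.test',
    accessToken: 'constructed-token-bot',
    allowedExtensions: new Set(),
  });
  return registry;
}

// Tokens a given extension can read under a given check, sorted for stable comparison.
function tokensVisibleTo(check: AccessCheck, extensionId: string): string[] {
  return buildRegistry(check).getSessions(extensionId).map((s) => s.accessToken).sort();
}

// Tokens visible under the fixed check after the user approves one extension
// for one session: access widens only where approval was recorded.
function tokensAfterGrant(sessionId: string, extensionId: string): string[] {
  const registry = buildRegistry(isAccessAllowedFixed);
  registry.grant(sessionId, extensionId);
  return registry.getSessions(extensionId).map((s) => s.accessToken).sort();
}

// Stand-alone demonstration.
console.log('vulnerable, malicious ext :', tokensVisibleTo(isAccessAllowedVulnerable, 'malicious.extension'));
console.log('fixed, malicious ext      :', tokensVisibleTo(isAccessAllowedFixed, 'malicious.extension'));
console.log('fixed, trusted ext        :', tokensVisibleTo(isAccessAllowedFixed, 'trusted.extension'));
console.log('fixed, after grant        :', tokensAfterGrant('session-2', 'malicious.extension'));
```

Under the vulnerable check every extension, including one the user never approved, receives both tokens; under the hardened check an unapproved extension receives none, and approval is granted one session at a time rather than for the whole session store.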
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4858
Vulnerability details
Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The `isAccessAllowed()` function unconditionally returns `true`, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop prior to 1.25.1. Version 1.25.1 contains a patch for the issue.
- CWE(s): CWE-285 (Improper Authorization)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1528 Steal Application Access Token
Why these techniques?
The bypass (`isAccessAllowed()` always returns `true`) lets a malicious extension read and hijack every authentication session the application holds. That is token theft in ATT&CK terms (T1528): the extension obtains valid application tokens and can then act as the legitimate account on the service the token belongs to.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly enforces the access control policy that the flawed `isAccessAllowed()` function was intended to implement, blocking unauthorized extension access to authentication sessions.
- AC-6 (Least Privilege): limits the privileges granted to extensions so that even a bypassed permission check cannot reach all authentication sessions or sensitive resources.
- Restricting installation and execution of untrusted extensions, which would otherwise exploit the unconditional `true` return value.