CVE-2026-24835
Published: 28 January 2026
Summary
CVE-2026-24835 is a high-severity Improper Authorization (CWE-285) vulnerability in Linuxfoundation Podman Desktop. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Steal Application Access Token (T1528). It ranks at the 20.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Documented procedures facilitate correct implementation and ongoing management of authorization decisions.
- Periodic reviews identify and correct flaws in authorization decisions or enforcement.
- The control's documentation requirement reduces improper authorization by ensuring only mission-justified actions bypass authentication.
- Establishing permitted attributes and values, plus auditing changes, ensures authorization decisions are based on correctly managed policy data.
- Explicitly mandating authorization of remote access types before permitting connections directly mitigates improper authorization.
- The control explicitly requires authorization of each wireless access type prior to permitting connections.
- Mandating explicit authorization of mobile device connections reduces the risk of improper authorization decisions for system access.
- Specifying access authorizations for each account and requiring approvals for account requests enforces proper authorization decisions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The authorization gate (`isAccessAllowed()` always returns `true`) lets a malicious extension read or hijack every authentication session held by the application. That is theft of application access tokens and cookies (T1528), and the stolen credentials then allow impersonation through valid cloud accounts.
NVD Description
Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The `isAccessAllowed()` function unconditionally returns `true`, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop. Version 1.25.1 contains a patch for the issue.
Deeper analysis
Podman Desktop, a graphical tool for developing on containers and Kubernetes, contains an authorization bypass in versions prior to 1.25.1, tracked as CVE-2026-24835 and described in the advisory as a critical authentication bypass. The `isAccessAllowed()` function unconditionally returns `true`, so the permission check that should gate an extension's access to stored authentication sessions never denies anything: any extension can reach every session. The weakness is classified as CWE-285 (Improper Authorization); it is the in-application authorization gate, not the user's login, that is bypassed. The CVSS v3.1 base score is 7.1 (High), vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
Exploitation requires a malicious or compromised extension loaded into the user's Podman Desktop, which the vector expresses as local access with low privileges, low attack complexity and no user interaction. Once loaded, the extension can enumerate and reuse any stored session, impersonate the user to the associated services, and hijack those sessions, with high confidentiality and integrity impact and no availability impact.
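As an added illustration, not Podman Desktop's own code: the CWE-285 pattern described above (an authorization gate stubbed to return `true`) alongside a deny-by-default replacement that keeps a per-account allow-list of extension ids. The class, method, provider and extension names and the sample session are assumptions constructed for this example.

```typescript
// Illustration of the weakness class in the advisory, not Podman Desktop code.
// All names below are assumptions for the example.

interface AuthSession {
  id: string;
  account: string;     // account label shown to the user
  accessToken: string; // the secret a malicious extension is after (T1528)
}

interface StoredSession extends AuthSession {
  providerId: string;
  ownerExtensionId: string;
}

// Vulnerable shape: the permission check is a stub, so every extension id passes.
function isAccessAllowedVulnerable(
  _providerId: string,
  _account: string,
  _extensionId: string,
): boolean {
  return true;
}

class AuthSessionRegistry {
  private readonly sessions = new Map<string, StoredSession>();
  // "providerId/account" -> extension ids the user has explicitly granted access
  private readonly allowList = new Map<string, Set<string>>();

  private static key(providerId: string, account: string): string {
    return `${providerId}/${account}`;
  }

  // Stores a session created by ownerExtensionId and grants that extension
  // access: the user consented to it when they signed in through it.
  addSession(providerId: string, ownerExtensionId: string, session: AuthSession): void {
    this.sessions.set(session.id, { ...session, providerId, ownerExtensionId });
    this.grant(providerId, session.account, ownerExtensionId);
  }

  // Explicit grant; in a real application the consent dialog sits here.
  grant(providerId: string, account: string, extensionId: string): void {
    const k = AuthSessionRegistry.key(providerId, account);
    const set = this.allowList.get(k) ?? new Set<string>();
    set.add(extensionId);
    this.allowList.set(k, set);
  }

  revoke(providerId: string, account: string, extensionId: string): void {
    this.allowList.get(AuthSessionRegistry.key(providerId, account))?.delete(extensionId);
  }

  // Hardened check: deny by default, allow only explicitly granted extensions.
  isAccessAllowed(providerId: string, account: string, extensionId: string): boolean {
    const set = this.allowList.get(AuthSessionRegistry.key(providerId, account));
    return set !== undefined && set.has(extensionId);
  }

  // Returns only the sessions the calling extension is authorized to see; the
  // access token of any other extension's session never leaves the registry.
  getSessions(providerId: string, extensionId: string): AuthSession[] {
    const out: AuthSession[] = [];
    for (const s of this.sessions.values()) {
      if (s.providerId !== providerId) continue;
      if (!this.isAccessAllowed(providerId, s.account, extensionId)) continue;
      const { id, account, accessToken } = s;
      out.push({ id, account, accessToken });
    }
    return out;
  }
}

// Constructed scenario: a trusted extension signs in, then a second extension
// asks the registry for the same provider's sessions.
function demo(): { vulnerableLeaks: boolean; hardenedDenies: boolean; ownerSees: number; afterGrant: number } {
  const reg = new AuthSessionRegistry();
  reg.addSession('example-cloud', 'trusted.ext', {
    id: 's1',
    account: 'alice@example.com',
    accessToken: 'constructed-token-for-the-example',
  });
  const vulnerableLeaks = isAccessAllowedVulnerable('example-cloud', 'alice@example.com', 'evil.ext');
  const hardenedDenies = reg.getSessions('example-cloud', 'evil.ext').length === 0;
  const ownerSees = reg.getSessions('example-cloud', 'trusted.ext').length;
  reg.grant('example-cloud', 'alice@example.com', 'evil.ext'); // only after user consent
  const afterGrant = reg.getSessions('example-cloud', 'evil.ext').length;
  return { vulnerableLeaks, hardenedDenies, ownerSees, afterGrant };
}
```

The hardened version fails closed: an extension that has not been granted access to a provider/account pair sees no sessions at all, and another extension's access token never crosses the registry boundary. The stub returns `true` for every caller, which is exactly the condition the advisory describes.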
Podman Desktop version 1.25.1 fixes the issue, and upgrading is the remediation. Until an installation is updated, only extensions from trusted sources should be installed, since any loaded extension can exercise the flaw. Additional details are available in the GitHub security advisory at https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9m and a supplementary document at https://drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/view?usp=sharing.
Details
- CWE(s)