CVE-2026-53489
Published: 01 July 2026
Summary
CVE-2026-53489 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Linux Foundation containerd. Its CVSS base score is 8.2 (High).
Operationally, it is ranked at the 10.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
No EU or UK CSIRT advisories indexed for this CVE.
Vulnerability details
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
- CWE(s): CWE-61
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
Hardening callouts derived
Configuration rules from DISA STIG baselines that reduce the attack surface for weaknesses of the type cited by this CVE. Derived transitively via CVE→CWE→STIG over `controls_xwalks` (authoritative rows only).
Oracle Linux 8 (1 rule)
- V-248577: OL 8 must enable kernel parameters to enforce Discretionary Access Control (DAC) on symlinks (via CWE-61).
RHEL 8 (1 rule)
- V-230263: The RHEL 8 file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency (via CWE-61).