runc container escape via a symlink race condition — a malicious container image can write to the host filesystem on startup. Update runc and container runtimes. Scan all container images for malicious symlink patterns before allowing execution.
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. An attacker could create a malicious container image that, when started, causes the container management software to write files anywhere on the host filesystem.
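A check for the affected range stated above, as an added example (not code from runc or from this advisory): it parses the `runc version` line of `runc --version` output and compares it against 1.0.0-rc95, ordering release candidates numerically and before the final release. The function names, the handling of a `~rc` packaging suffix, and the sample lines are assumptions constructed for illustration.

```python
import re

FIXED = (1, 0, 0, 95)  # 1.0.0-rc95: versions before this are affected

# Sample `runc version` lines, constructed for this example.
SAMPLES = [
    "runc version 1.0.0-rc93",
    "runc version 1.0.0-rc9",        # rc9 is older than rc95, not newer
    "runc version 1.0.0~rc94+ds1",   # '~' pre-release marker (assumed packaging style)
    "runc version 1.0.0-rc95",
    "runc version 1.1.12",
]

_VERSION = re.compile(r"runc version\s+(\d+)\.(\d+)\.(\d+)([-~+]\S*)?")
_RC = re.compile(r"[-~]rc\.?(\d+)")


def parse_runc_version(output):
    """Return (major, minor, patch, rc) parsed from `runc --version` text.

    A final release has no rc suffix and sorts after every release
    candidate, so its rc slot is infinity.
    """
    m = _VERSION.search(output)
    if not m:
        raise ValueError("no 'runc version X.Y.Z' line found")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4) or ""
    rc = _RC.match(suffix)
    if rc:
        return (major, minor, patch, int(rc.group(1)))
    if suffix[:1] in ("-", "~"):
        # Unknown pre-release tag (e.g. -dev): refuse to guess its ordering.
        raise ValueError("unrecognised pre-release suffix: " + suffix)
    return (major, minor, patch, float("inf"))


def is_affected(output):
    """True when the reported version is before 1.0.0-rc95."""
    return parse_runc_version(output) < FIXED


if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", "AFFECTED" if is_affected(line) else "ok")
```

A distribution package may carry a backported fix under an older upstream version string, so confirm an "affected" result against the vendor's own advisory before acting on it.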