containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node's local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker's malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod's identity. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-cvxm-645q-p574 | containerd: CRI checkpoint import allows local image tag poisoning |
Ubuntu USN |
USN-8472-1 | containerd vulnerabilities |
Ubuntu USN |
USN-8473-1 | containerd vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 02 Jul 2026 04:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Containerd
Containerd containerd |
|
| Vendors & Products |
Containerd
Containerd containerd |
Wed, 01 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node's local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker's malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod's identity. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9. | |
| Title | containerd: CRI checkpoint import allows local image tag poisoning | |
| Weaknesses | CWE-345 CWE-829 |
|
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-01T18:32:29.659Z
Reserved: 2026-06-03T22:05:13.645Z
Link: CVE-2026-50195
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-02T13:15:02Z
Github GHSA
Ubuntu USN