CVE-2026-30892

EUVD-2026-16026
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.
CVSS 3.x (NVD)
Provider: NIST (Primary)
Base Score: 0 NONE
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
EPSS Score Percentile: 2%
Affected Products (NVD)
Vendor: crun_project
Product: crun
Versions: 1.19 ≤ x < 1.27 (x = vulnerable software versions)
Debian Releases
Product   Codename   Version               Status
crun      bookworm   1.8.1-1+deb12u1       fixed
crun      bullseye   0.17+dfsg-1+deb11u2   fixed
crun      forky      1.27.1-1              fixed
crun      sid        1.27.1-1              fixed
crun      trixie     -                     no-dsa
Red Hat Enterprise Linux Releases
Product   Release   Version          Status
crun      RHEL 9    0:1.27-1.el9_7   fixed