CVE Daily
← All tags

Tag: containerd

All CVEs associated with "containerd". Page 1/1 • 20 CVEs.

About “containerd”

A curated feed of “containerd”-related CVEs appears below. We currently track 20 CVEs for this tag (all time). In the last 365 days, 4 were published. Average CVSS is 6.3 (all time; 7.4 over 365d), and 35% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-754 - Improper Check for Unusual or Exceptional Conditions, CWE-401 - Missing Release of Memory after Effective Lifetime.

In our taxonomy this topic maps to a MODERATE impact class. Container and Kubernetes fixes usually require image rebuilds and control plane or node upgrades. Prioritize exposed surfaces, restart workloads on patched bases, and tighten RBAC and NetworkPolicies. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: containerd

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestPremier SupportEOLLTS
2.32.3.1LTS
2.22.2.4 Soon
2.12.1.8 Expired
2.02.0.9LTS
1.71.7.32 SoonLTS
1.61.6.39 ExpiredLTS
1.51.5.18 Expired
1.41.4.13 Expired
1.31.3.10 Expired
1.21.2.14 Expired
1.11.1.8 Expired
1.01.0.3 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “containerd”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-02-26
Medium

CVE-2026-27887

Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could ret…

CVSS: 6.9 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2026-01-29
Critical

CVE-2026-24054

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image…

CVSS: 10.0 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
2025-11-07
Medium

CVE-2025-64329

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach…

CVSS: 5.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
2025-11-06
High

CVE-2024-25621

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default…

CVSS: 7.3 CWE: CWE-279 - Incorrect Execution-Assigned Permissions View on NVD
2025-05-21
High

CVE-2025-47291

containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespac…

CVSS: 7.5 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2025-05-20
Medium

CVE-2025-47290

containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container ima…

CVSS: 5.9 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2025-03-17
Medium

CVE-2024-40635

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maxi…

CVSS: 4.6 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2023-05-30
Low

CVE-2023-32684

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host…

CVSS: 2.7 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2023-02-16
Medium

CVE-2023-25173

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker…

CVSS: 5.3 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2023-25153

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted…

CVSS: 6.2 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2022-12-07
Medium

CVE-2022-23471

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to ha…

CVSS: 5.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2022-06-09
Medium

CVE-2022-31030

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without boun…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2022-03-25
High

CVE-2022-24778

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container…

CVSS: 7.5 CWE: CWE-863 - Incorrect Authorization View on NVD
2022-03-03
High

CVE-2022-23648

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-01-05
High

CVE-2021-43816

containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runti…

CVSS: 8.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
2021-10-04
High

CVE-2021-41103

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insuffic…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2021-07-19
Medium

CVE-2021-32760

containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission…

CVSS: 5.0 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
2021-03-10
Medium

CVE-2021-21334

In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/cont…

CVSS: 6.3 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
2020-12-01
Medium

CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed t…

CVSS: 5.2 CWE: CWE-669 - Incorrect Resource Transfer Between Spheres View on NVD
2020-10-16
Medium

CVE-2020-15157

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Sche…

CVSS: 6.1 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox