Cve-2026-50195

🔴 Critical | Source: AWS Security Bulletins AWS has identified five vulnerabilities in containerd’s Container Runtime Interface (CRI) plugin affecting versions 1.7 through 2.3, impacting managed services including EKS, ECS, Fargate, Bottlerocket, and Amazon Linux. The flaws range from arbitrary host file reads and command execution via image labels, to container checkpoint abuse and a runtime denial-of-service. Exploitation could allow a malicious container image or checkpoint to compromise host systems or disrupt container workloads. ...

🟠 High | Source: GCP GKE Security Bulletins Multiple high-severity vulnerabilities have been discovered in containerd, the container runtime used by Google Kubernetes Engine (GKE). Attackers with permissions to create Pods can exploit these flaws to bypass Kubernetes security boundaries, potentially compromising the underlying host, poisoning image caches, or causing denial of service. Although some CVEs are rated Critical in containerd upstream, GKE classifies them as High due to the prerequisite of cluster-level Pod creation privileges. ...