Container-Escape
DirtyClone: Linux Kernel LPE via Cloned sk_buff Gives Any Local User Root (CVE-2026-43503)
JFrog releases a working exploit for DirtyClone, a Linux kernel socket-buffer cloning flaw that silently rewrites in-memory setuid binaries and grants root—with container escape potential on cloud and Kubernetes hosts.
One Symlink From Host Root: The runC maskedPaths Escapes and the Myth of the Container Boundary
Three runC CVEs disclosed in November 2025 turned container escape back into a /dev/null symlink race — and one of them walks straight through AppArmor and SELinux. Here is how the maskedPaths breakout works, why seccomp and user namespaces are the layers that actually held, and what to change before the next runtime CVE.
DirtyDecrypt (CVE-2026-31635): Public PoC Roots Fedora, Arch, and openSUSE via the Kernel's RxGK Path
A released proof-of-concept weaponizes CVE-2026-31635, a missing copy-on-write guard in the Linux kernel's RxGK receive path, for local root on Fedora, Arch, and openSUSE Tumbleweed — and pod escape on affected worker nodes.
Copy Fail (CVE-2026-31431): A 732-Byte Python Script Roots Every Major Linux Distro Since 2017
A nine-year-old logic bug in the kernel's algif_aead crypto interface lets an unprivileged user plant four bytes anywhere in the page cache — including inside a setuid binary's cached pages. Root in seconds, no on-disk artifacts, breaks containers.
CVE-2026-34612: Kestra SQL Injection Chains to Host RCE via PostgreSQL COPY TO PROGRAM
Critical CVSS 9.9 flaw in Kestra orchestration platform lets authenticated attackers chain SQL injection through PostgreSQL COPY TO PROGRAM for arbitrary command execution on the Docker host.
CrackArmor: Nine AppArmor Flaws Enable Container Escape on Debian, Ubuntu, and SUSE
Every Kubernetes node running these distros is potentially exposed. Root escalation from within containers confirmed.