Container-Escape

vulnerabilities 2026-04-30
Copy Fail (CVE-2026-31431): A 732-Byte Python Script Roots Every Major Linux Distro Since 2017
A nine-year-old logic bug in the kernel's algif_aead crypto interface lets an unprivileged user plant four bytes anywhere in the page cache — including inside a setuid binary's cached pages. Root in seconds, no on-disk artifacts, breaks containers.
linux-kernel cve-2026-31431 copy-fail lpe privilege-escalation container-escape algif theori xint
vulnerabilities 2026-04-06
CVE-2026-34612: Kestra SQL Injection Chains to Host RCE via PostgreSQL COPY TO PROGRAM
Critical CVSS 9.9 flaw in Kestra orchestration platform lets authenticated attackers chain SQL injection through PostgreSQL COPY TO PROGRAM for arbitrary command execution on the Docker host.
cve sql-injection rce container-escape postgresql orchestration docker
vulnerabilities 2026-03-29 High
CrackArmor: Nine AppArmor Flaws Enable Container Escape on Debian, Ubuntu, and SUSE
Every Kubernetes node running these distros is potentially exposed. Root escalation from within containers confirmed.
apparmor container kubernetes linux container-escape

Copy Fail (CVE-2026-31431): A 732-Byte Python Script Roots Every Major Linux Distro Since 2017