Description

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.

INFO

Published Date :

2026-03-25T23:57:01.741Z

Last Modified :

2026-03-26T18:10:16.318Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-30892 vulnerability.

Vendors Products
Containers
  • Crun
Crun Project
  • Crun
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30892.

URL Resource
https://github.com/containers/crun/commit/1bd7f42446999b0e76bc3d575392e05c943b0b01 cve-icon cve-icon cve-icon
https://github.com/containers/crun/releases/tag/1.27 cve-icon cve-icon cve-icon
https://github.com/containers/crun/security/advisories/GHSA-4vg2-xjqj-7chj cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-30892 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-30892 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact