CRI-O Env Injection: Bypass CVE-2022-4318, Add /etc/passwd Entries
CVE-2026-15809 Published on July 15, 2026
Github.com/cri-o/cri-o: fix bypass for cve-2022-4318 — /etc/passwd injection via home env
A flaw was found in CRI-O. The fix for a previous vulnerability (CVE-2022-4318) was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
Vulnerability Analysis
CVE-2026-15809 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is an Output Sanitization Vulnerability?
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
CVE-2026-15809 has been classified to as an Output Sanitization vulnerability or weakness.
Products Associated with CVE-2026-15809
stack.watch emails you whenever new vulnerabilities are published in Red Hat Confidential Compute Attestation or Red Hat Openshift. Just hit a watch button to start following.