containerd DoS via faulty image load causing OOM kill (v<1.7.33,2.0.10,2.1.9)
CVE-2026-47262 Published on July 1, 2026

containerd image-triggered runtime DoS via unbounded group parsing
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.

NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2026-47262 has been classified to as a Resource Exhaustion vulnerability or weakness.


Products Associated with CVE-2026-47262

stack.watch emails you whenever new vulnerabilities are published in Amazon Aws or Canonical Ubuntu Linux. Just hit a watch button to start following.

 
 

Affected Versions

containerd: