containerd CDI Annotation Injection via Untrusted Checkpoints (pre-2.3.2)
CVE-2026-53492 Published on July 1, 2026

containerd CRI checkpoint restore CDI annotation smuggling
containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod's create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.

NVD

Weakness Types

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

What is an AuthZ Vulnerability?

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVE-2026-53492 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2026-53492

stack.watch emails you whenever new vulnerabilities are published in Amazon Aws or Canonical Ubuntu Linux. Just hit a watch button to start following.

 
 

Affected Versions

containerd: