CVE-2026-47262
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
A vulnerability in containerd allows memory exhaustion via a maliciously crafted container image, causing an OOM kill of the containerd process and making the runtime API unavailable. Affected versions are prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5, and 2.3.2.
Risk Assessment
An attacker can cause a denial of service, disrupting Docker Engine or Kubernetes control-plane components, leading to containerized application downtime.
Recommendation
Upgrade containerd to version 1.7.33, 2.0.10, 2.1.9, 2.2.5, or 2.3.2 (depending on your branch) immediately.
Original NVD description (English source)
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.

