CVE Catalog

CVE-2026-47262

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile — higher than 24% of all known CVEs

Summary

A vulnerability in containerd allows memory exhaustion via a maliciously crafted container image, causing an OOM kill of the containerd process and making the runtime API unavailable. Affected versions are prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5, and 2.3.2.

Risk Assessment

An attacker can cause a denial of service, disrupting Docker Engine or Kubernetes control-plane components, leading to containerized application downtime.

Recommendation

Upgrade containerd to version 1.7.33, 2.0.10, 2.1.9, 2.2.5, or 2.3.2 (depending on your branch) immediately.

Original NVD description (English source)

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS