Critical runC Vulnerabilities Enable Full Container Escape and Host Compromise
Security researchers have disclosed three critical vulnerabilities in the runC container runtime, which is widely used in platforms such as Docker and Kubernetes. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, arise from logic and race-condition errors in runC's handling of temporary bind mounts, symbolic links, and certain write operations. Attackers can exploit these weaknesses to break container isolation, potentially gaining write access to sensitive host system files and kernel interfaces such as /proc/sys/kernel/core_pattern or /proc/sysrq-trigger, leading to full container escapes and even host-level compromise.
The vulnerabilities allow attackers to abuse masked paths, console bind-mounts, and redirected writes, bypassing standard hardening and isolation controls. Exploitation requires either custom mount configurations or the use of untrusted container images, but the risk is significant for orchestrated environments like Docker and Kubernetes. Security advisories from both the runC project and the U.S. National Vulnerability Database urge immediate updates to patched versions or the application of provided patches to mitigate these threats. The vulnerabilities highlight the importance of robust container runtime security and the potential impact of logic flaws in core infrastructure components.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Sysdig publishes detection rules for exploitation attempts
Sysdig released detection rules to help defenders identify attempts to exploit the runc vulnerabilities in containerized environments. The guidance accompanied broader recommendations to patch affected systems immediately, especially where untrusted images or custom mount configurations are used.
runc releases fixes for the container-escape flaws
The vulnerabilities were fixed in runc versions 1.2.8, 1.3.3, and 1.4.0-rc.3. The fixes address issues involving masked paths, console bind-mounts, and redirected writes that could bypass isolation controls such as SELinux and AppArmor.
Researchers discover three runc container-escape vulnerabilities
Security researchers identified three high-severity logic flaws in the runc container runtime, tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881. The bugs allow container escape and potential root-level access on Docker or Kubernetes hosts by abusing procfs-related write handling.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
runc Container Escape Flaws Expose Hosts to Root Compromise
Researchers disclosed three new `runc` vulnerabilities — `CVE-2025-31133`, `CVE-2025-52565`, and `CVE-2025-52881` — that can let attackers break container isolation and gain root access on the host systems running Docker, Kubernetes, and other platforms built on `runc`. The flaws abuse race conditions, mount manipulation, and redirected writes into `procfs`, including paths such as `/proc/sys/kernel/core_pattern` and `/proc/sysrq-trigger`, to turn container access into host-level impact. Sysdig reported that exploitation requires the ability to launch containers with custom mount configurations, making malicious or untrusted container images and Dockerfiles a likely delivery path, and said no active exploitation had been observed at disclosure. The new issues echo the earlier `CVE-2019-5736` `runC` escape, which allowed container root users to overwrite the host `runC` binary via `/proc/self/exe` and `/proc/[pid]/exe` handling and then execute code as root on the host. That earlier flaw affected Docker by default and also impacted LXC in some configurations, leading maintainers to harden `runC` by re-executing from a sealed in-memory copy created with `memfd_create()`. For the newly disclosed bugs, fixed releases are `runc` `1.2.8`, `1.3.3`, and `1.4.0-rc.3` or later, and defenders were advised to monitor for suspicious symlink creation and other attempts to target sensitive `procfs` entries from inside containers.
May 25, 2026
Container Escape Vulnerabilities in runc via /dev/console Mount Races
Multiple vulnerabilities were discovered in *runc*, the container runtime used by Docker, Kubernetes, and other platforms, that allow attackers to escape container isolation. One of the critical flaws, tracked as CVE-2025-52565, arises from insufficient validation during the bind-mounting of `/dev/pts/$n` to `/dev/console` inside containers. Attackers can exploit this race condition to redirect the mount and gain write access to protected files in the procfs, such as `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern`, potentially leading to denial of service or container breakout. The vulnerability affects runc versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, and has been addressed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3. Exploitation of CVE-2025-52565 requires the ability to start containers with custom mount configurations, making environments that run untrusted container images or Dockerfiles particularly vulnerable. No active exploits have been reported as of the disclosure, but security researchers recommend updating to the patched runc versions and monitoring for suspicious container activity. The vulnerability is similar in concept to CVE-2025-31133 but targets a different aspect of the container initialization process, specifically the timing and validation of the `/dev/console` mount before security protections are fully applied.
Mar 21, 2026
containerd patches critical CRI flaws enabling cache poisoning and host compromise
The containerd project released patches for five vulnerabilities in its CRI and image-handling components, including three **critical** flaws tracked as `CVE-2026-50195`, `CVE-2026-53488`, and `CVE-2026-53492`, alongside `CVE-2026-53489` and `CVE-2026-47262`. According to the project’s disclosure and an AWS security bulletin, the bugs could let attackers poison a node’s local image cache with crafted checkpoint images, pass unvalidated image labels that may lead to arbitrary host command execution through label-consuming plugins, and abuse untrusted CDI annotations during checkpoint restore to bypass Kubernetes device allocation controls. The remaining issues include a **high-severity** arbitrary host file-read path through `kubectl logs` by restoring a symlinked `container.log` from a checkpoint image, and a **moderate** denial-of-service flaw that can exhaust memory and crash the `containerd` process. Fixes are available in containerd `2.3.2`, `2.2.5`, and `2.1.9` for all five vulnerabilities, while versions `2.0.10` and `1.7.33` address `CVE-2026-53488` and `CVE-2026-47262`; maintainers urged immediate upgrades and said containers restored from untrusted checkpoints may need to be recreated to remove smuggled CDI configuration tied to `CVE-2026-53492`.
Jun 19, 2026