{"schema_version":"1.7.2","id":"OESA-2026-2557","modified":"2026-06-05T15:48:34Z","published":"2026-06-05T15:48:34Z","upstream":["CVE-2026-47243"],"summary":"kata-containers security update","details":"This is core component of Kata Container, to make it work, you need a isulad/docker engine.\r\n\r\nSecurity Fix(es):\n\n['This vulnerability was fixed in Kata Containers 3.31.0:', 'Description:\\n\\nIn the runtime-rs standalone virtio-fs path, Kata Containers runs virtiofsd\\nas root with --sandbox none --seccomp none.\\n\\nIf an attacker has root-equivalent execution inside the Kata guest VM,\\nthey can send raw FUSE requests directly to the host virtiofsd.\\n\\nThen, a raw FUSE_SYMLINK request whose new symlink name is\\nan absolute host path is honored outside the virtio-fs shared directory.\\n\\nThis lets guest root create host-root-owned symlinks in sensitive host paths.\\n\\nCVE: CVE-2026-47243\\nGHSA: GHSA-2gv2-cffp-j227\\n\\nOriginal report:', '---\\nAurelien Bombo\\nKata Containers Vulnerability Management Team'](CVE-2026-47243)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP3","name":"kata-containers","purl":"pkg:rpm/openEuler/kata-containers&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.0-22.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["kata-containers-3.2.0-22.oe2403sp3.aarch64.rpm"],"src":["kata-containers-3.2.0-22.oe2403sp3.src.rpm"],"x86_64":["kata-containers-3.2.0-22.oe2403sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2557"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-47243"}],"database_specific":{"severity":"High"}}