{"url":"http://public2.vulnerablecode.io/api/packages/88238?format=json","purl":"pkg:rpm/redhat/buildah@2:1.41.6-1?arch=el9_7","type":"rpm","namespace":"redhat","name":"buildah","version":"2:1.41.6-1","qualifiers":{"arch":"el9_7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66647?format=json","vulnerability_id":"VCID-mvsr-c2yh-mbdq","summary":"golang: archive/tar: Unbounded allocation when parsing GNU sparse map","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58183.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58183","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01876","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01864","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04166","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03998","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03982","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03952","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03932","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03945","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04081","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04099","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04093","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04121","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0416","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04162","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0401","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04028","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04898","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04813","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58183"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2407258","reference_id":"2407258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2407258"},{"reference_url":"https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI","reference_id":"4Emdl2iQ_bI","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T14:22:41Z/"}],"url":"https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"},{"reference_url":"https://go.dev/cl/709861","reference_id":"709861","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T14:22:41Z/"}],"url":"https://go.dev/cl/709861"},{"reference_url":"https://go.dev/issue/75677","reference_id":"75677","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T14:22:41Z/"}],"url":"https://go.dev/issue/75677"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-4014","reference_id":"GO-2025-4014","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T14:22:41Z/"}],"url":"https://pkg.go.dev/vuln/GO-2025-4014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21778","reference_id":"RHSA-2025:21778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21779","reference_id":"RHSA-2025:21779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21815","reference_id":"RHSA-2025:21815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21815"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21816","reference_id":"RHSA-2025:21816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21856","reference_id":"RHSA-2025:21856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21964","reference_id":"RHSA-2025:21964","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21964"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22011","reference_id":"RHSA-2025:22011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22012","reference_id":"RHSA-2025:22012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22030","reference_id":"RHSA-2025:22030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22181","reference_id":"RHSA-2025:22181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22181"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22255","reference_id":"RHSA-2025:22255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22345","reference_id":"RHSA-2025:22345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22668","reference_id":"RHSA-2025:22668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22738","reference_id":"RHSA-2025:22738","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22743","reference_id":"RHSA-2025:22743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22759","reference_id":"RHSA-2025:22759","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22759"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22899","reference_id":"RHSA-2025:22899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23001","reference_id":"RHSA-2025:23001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23002","reference_id":"RHSA-2025:23002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23087","reference_id":"RHSA-2025:23087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23088","reference_id":"RHSA-2025:23088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23294","reference_id":"RHSA-2025:23294","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23295","reference_id":"RHSA-2025:23295","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23295"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23325","reference_id":"RHSA-2025:23325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23326","reference_id":"RHSA-2025:23326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23347","reference_id":"RHSA-2025:23347","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23347"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23348","reference_id":"RHSA-2025:23348","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23348"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23374","reference_id":"RHSA-2025:23374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23394","reference_id":"RHSA-2025:23394","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23394"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23421","reference_id":"RHSA-2025:23421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23546","reference_id":"RHSA-2025:23546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23733","reference_id":"RHSA-2025:23733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23736","reference_id":"RHSA-2025:23736","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23737","reference_id":"RHSA-2025:23737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23740","reference_id":"RHSA-2025:23740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23741","reference_id":"RHSA-2025:23741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23746","reference_id":"RHSA-2025:23746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23747","reference_id":"RHSA-2025:23747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23948","reference_id":"RHSA-2025:23948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0226","reference_id":"RHSA-2026:0226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0227","reference_id":"RHSA-2026:0227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0243","reference_id":"RHSA-2026:0243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0244","reference_id":"RHSA-2026:0244","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0245","reference_id":"RHSA-2026:0245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0246","reference_id":"RHSA-2026:0246","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0246"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0314","reference_id":"RHSA-2026:0314","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0424","reference_id":"RHSA-2026:0424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0426","reference_id":"RHSA-2026:0426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0477","reference_id":"RHSA-2026:0477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0527","reference_id":"RHSA-2026:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0530","reference_id":"RHSA-2026:0530","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0530"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0663","reference_id":"RHSA-2026:0663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0671","reference_id":"RHSA-2026:0671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0973","reference_id":"RHSA-2026:0973","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0973"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0987","reference_id":"RHSA-2026:0987","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1018","reference_id":"RHSA-2026:1018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1025","reference_id":"RHSA-2026:1025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1067","reference_id":"RHSA-2026:1067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10703","reference_id":"RHSA-2026:10703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1071","reference_id":"RHSA-2026:1071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1071"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1072","reference_id":"RHSA-2026:1072","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1072"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12279","reference_id":"RHSA-2026:12279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13542","reference_id":"RHSA-2026:13542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13548","reference_id":"RHSA-2026:13548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1377","reference_id":"RHSA-2026:1377","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1377"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1378","reference_id":"RHSA-2026:1378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1379","reference_id":"RHSA-2026:1379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1380","reference_id":"RHSA-2026:1380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1381","reference_id":"RHSA-2026:1381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1488","reference_id":"RHSA-2026:1488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1517","reference_id":"RHSA-2026:1517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1520","reference_id":"RHSA-2026:1520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1552","reference_id":"RHSA-2026:1552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1837","reference_id":"RHSA-2026:1837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1838","reference_id":"RHSA-2026:1838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1942","reference_id":"RHSA-2026:1942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2071","reference_id":"RHSA-2026:2071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2071"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2082","reference_id":"RHSA-2026:2082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2082"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2129","reference_id":"RHSA-2026:2129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2343","reference_id":"RHSA-2026:2343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2350","reference_id":"RHSA-2026:2350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2351","reference_id":"RHSA-2026:2351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2456","reference_id":"RHSA-2026:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2568","reference_id":"RHSA-2026:2568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2571","reference_id":"RHSA-2026:2571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2571"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2711","reference_id":"RHSA-2026:2711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2737","reference_id":"RHSA-2026:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2737"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2900","reference_id":"RHSA-2026:2900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3108","reference_id":"RHSA-2026:3108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3875","reference_id":"RHSA-2026:3875","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3875"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3905","reference_id":"RHSA-2026:3905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4215","reference_id":"RHSA-2026:4215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4418","reference_id":"RHSA-2026:4418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4423","reference_id":"RHSA-2026:4423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4434","reference_id":"RHSA-2026:4434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4464","reference_id":"RHSA-2026:4464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4482","reference_id":"RHSA-2026:4482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4510","reference_id":"RHSA-2026:4510","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4510"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4532","reference_id":"RHSA-2026:4532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4533","reference_id":"RHSA-2026:4533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4693","reference_id":"RHSA-2026:4693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4936","reference_id":"RHSA-2026:4936","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5086","reference_id":"RHSA-2026:5086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5107","reference_id":"RHSA-2026:5107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5234","reference_id":"RHSA-2026:5234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5394","reference_id":"RHSA-2026:5394","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5394"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5636","reference_id":"RHSA-2026:5636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5645","reference_id":"RHSA-2026:5645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5866","reference_id":"RHSA-2026:5866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5876","reference_id":"RHSA-2026:5876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6191","reference_id":"RHSA-2026:6191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6191"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6226","reference_id":"RHSA-2026:6226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6493","reference_id":"RHSA-2026:6493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6564","reference_id":"RHSA-2026:6564","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6564"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7252","reference_id":"RHSA-2026:7252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8218","reference_id":"RHSA-2026:8218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8229","reference_id":"RHSA-2026:8229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8325","reference_id":"RHSA-2026:8325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8325"}],"fixed_packages":[],"aliases":["CVE-2025-58183"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mvsr-c2yh-mbdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29648?format=json","vulnerability_id":"VCID-wxsf-mu1t-aqa4","summary":"runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects\n### Impact ###\n\nThis attack is primarily a more sophisticated version of CVE-2019-19921, which was a flaw which allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy `tmpfs` file and thus not apply the correct LSM labels to the container process. The mitigation runc applied for CVE-2019-19921 was fairly limited and effectively only caused runc to verify that when runc writes LSM labels that those labels are actual procfs files.\n\nRather than using a fake `tmpfs` file for `/proc/self/attr/<label>`, an attacker could instead (through various means) make `/proc/self/attr/<label>` reference a real `procfs` file, but one that would still be a no-op (such as `/proc/self/sched`). This would have the same effect but would clear the \"is a procfs file\" check. Runc is aware that this kind of attack would be possible (even going so far as to discuss this publicly as \"future work\" at conferences), and runc is working on a far more comprehensive mitigation of this attack, but this security issue was disclosed before runc could complete this work.\n\nIn all known versions of runc, an attacker can trick runc into misdirecting writes to `/proc` to other procfs files through the use of a racing container with shared mounts (runc has also verified this attack is possible to exploit using a standard Dockerfile with `docker buildx build` as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a `tmpfs` or theoretically other methods such as regular bind-mounts.\n\nNote that while `/proc/self/attr/<label>` was the example used above (which is LSM-specific), this issue affect all writes to `/proc` in runc and thus also affects sysctls (written to `/proc/sys/...`) and some other APIs.\n\n#### Additional Impacts ####\n\nWhile investigating this issue, runc discovered that another risk with these redirected writes is that they could be redirected to dangerous files such as `/proc/sysrq-trigger` rather than just no-op files like `/proc/self/sched`. For instance, the default AppArmor profile name in Docker is `docker-default`, which when written to `/proc/sysrq-trigger` would cause the host system to crash.\n\nWhen this was discovered, runc conducted an audit of other write operations within runc and found several possible areas where runc could be used as a semi-arbitrary write gadget when combined with the above race attacks. The most concerning attack scenario was the configuration of sysctls. Because the contents of the sysctl are free-form text, an attacker could use a misdirected write to write to `/proc/sys/kernel/core_pattern` and break out of the container (as described in CVE-2025-31133, kernel upcalls are not namespaced and so coredump helpers will run with complete root privileges on the host). Even if the attacker cannot configure custom sysctls, a valid sysctl string (when redirected to `/proc/sysrq-trigger`) can easily cause the machine to hang.\n\nNote that the fact that this attack allows you to disable LSM labels makes it a very useful attack to combine with CVE-2025-31133 (as one of the only mitigations available to most users for that issue is AppArmor, and this attack would let you bypass that). However, the misdirected write issue above means that you could also achieve most of the same goals without needing to chain together attacks.\n\n### Patches ###\n\nThis advisory is being published as part of a set of three advisories:\n\n  * CVE-2025-31133\n  * CVE-2025-52881\n  * CVE-2025-52565\n\nThe patches fixing this issue have accordingly been combined into a single patchset. The following patches from that patchset resolve the issues in this advisory:\n\n * db19bbed5348 (\"internal/sys: add VerifyInode helper\")\n * 6fc191449109 (\"internal: move utils.MkdirAllInRoot to internal/pathrs\")\n * ff94f9991bd3 (\"*: switch to safer securejoin.Reopen\")\n * 44a0fcf685db (\"go.mod: update to github.com/cyphar/filepath-securejoin@v0.5.0\")\n * 77889b56db93 (\"internal: add wrappers for securejoin.Proc*\")\n * fdcc9d3cad2f (\"apparmor: use safe procfs API for labels\")\n * ff6fe1324663 (\"utils: use safe procfs for /proc/self/fd loop code\")\n * b3dd1bc562ed (\"utils: remove unneeded EnsureProcHandle\")\n * 77d217c7c377 (\"init: write sysctls using safe procfs API\")\n * 435cc81be6b7 (\"init: use securejoin for /proc/self/setgroups\")\n * d61fd29d854b (\"libct/system: use securejoin for /proc/$pid/stat\")\n * 4b37cd93f86e (\"libct: align param type for mountCgroupV1/V2 functions\")\n * d40b3439a961 (\"rootfs: switch to fd-based handling of mountpoint targets\")\n * ed6b1693b8b3 (\"selinux: use safe procfs API for labels\")\n   - Please note that this patch includes a private patch for `github.com/opencontainers/selinux` that could not be made public through a public pull request (as it would necessarily disclose this embargoed security issue).\n\n     The patch includes a complete copy of the forked code and a `replace` directive (as well as `go mod vendor` applied), which should still work with downstream build systems. If you cannot apply this patch, you can safely drop it -- some of the other patches in this series should block these kinds of racing mount attacks entirely.\n\n     See https://github.com/opencontainers/selinux/pull/237 for the upstream patch.\n * 3f925525b44d (\"rootfs: re-allow dangling symlinks in mount targets\")\n * a41366e74080 (\"openat2: improve resilience on busy systems\")\n\nrunc 1.2.8, 1.3.3, and 1.4.0-rc.3 have been released and all contain fixes for these issues. As per [runc's new release model][RELEASES.md], runc 1.1.x and earlier are no longer supported and thus have not been patched.\n\n[CVE-2025-31133]: https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\n[CVE-2025-52565]: https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\n[CVE-2025-52881]: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\n[RELEASES.md]: https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md\n\n### Mitigations ###\n\n * Do not run untrusted container images from unknown or unverified sources.\n\n * For the basic no-op attack, this attack allows a container process to run with the same LSM labels as `runc`. For most AppArmor deployments this means it will be `unconfined`, and for SELinux it will likely be `container_runtime_t`. Runc has not conducted in-depth testing of the impact on SELinux -- it is possible that it provides some reasonable protection but it seems likely that an attacker could cause harm to systems even with such an SELinux setup.\n\n * For the more involved redirect and write gadget attacks, unfortunately most LSM profiles (including the standard container-selinux profiles) provide the container runtime access to sysctl files (including `/proc/sysrq-trigger`) and so LSMs likely do not provide much protection against these attacks.\n\n * Using rootless containers provides some protection against these kinds of bugs (privileged writes in runc being redirected) -- by having runc itself be an unprivileged process, in general you would expect the impact scope of a runc bug to be less severe as it would only have the privileges afforded to the host user which spawned runc. For this particular bug, the privilege escalation caused by the inadvertent write issue is entirely mitigated with rootless containers because the unprivileged user that the `runc` process is executing as cannot write to the aforementioned procfs files (even intentionally).\n\n### Other Runtimes ###\n\nAs this vulnerability boils down to a fairly easy-to-make logic bug, runc has provided information to other OCI (crun, youki) and non-OCI (LXC) container runtimes about this vulnerability.\n\nBased on discussions with other runtimes, it seems that crun and youki may have similar security issues and will release a co-ordinated security release along with runc. LXC appears to use the host's `/proc` for all procfs operations, and so is likely not vulnerable to this issue (this is a trade-off -- runc uses the container's procfs to avoid CVE-2016-9962-style attacks).\n\n[CVE-2016-9962]: https://seclists.org/fulldisclosure/2017/Jan/21\n\n### Credits ###\n\nThanks to Li Fubang (@lifubang from acmcoder.com, CIIC) and Tõnis Tiigi (@tonistiigi from Docker) for both independently discovering this vulnerability, as well as Aleksa Sarai (@cyphar from SUSE) for the original research into this class of security issues and solutions.\n\nAdditional thanks go to Tõnis Tiigi for finding some very useful exploit templates for these kinds of race attacks using `docker buildx build`.","references":[{"reference_url":"http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322"},{"reference_url":"http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52881.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52881.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52881","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0252","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02559","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02542","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02508","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02595","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0259","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02592","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03306","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03374","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03354","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03349","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03341","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03123","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03243","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03281","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03284","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0447","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09595","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/opencontainers/runc","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/runc"},{"reference_url":"https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md"},{"reference_url":"https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557"},{"reference_url":"https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d"},{"reference_url":"https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58"},{"reference_url":"https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6"},{"reference_url":"https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f"},{"reference_url":"https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544"},{"reference_url":"https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db"},{"reference_url":"https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322"},{"reference_url":"https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28"},{"reference_url":"https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2"},{"reference_url":"https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165"},{"reference_url":"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64"},{"reference_url":"https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1"},{"reference_url":"https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3"},{"reference_url":"https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51"},{"reference_url":"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480"},{"reference_url":"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2"},{"reference_url":"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"},{"reference_url":"https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw"},{"reference_url":"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T21:06:59Z/"}],"url":"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"},{"reference_url":"https://github.com/opencontainers/selinux/pull/237","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/selinux/pull/237"},{"reference_url":"https://github.com/opencontainers/selinux/releases/tag/v1.13.0","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opencontainers/selinux/releases/tag/v1.13.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-52881","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-52881"},{"reference_url":"https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs"},{"reference_url":"https://youtu.be/tGseJW_uBB8","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://youtu.be/tGseJW_uBB8"},{"reference_url":"https://youtu.be/y1PaBzxwRWQ","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://youtu.be/y1PaBzxwRWQ"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120140","reference_id":"1120140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120140"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2404715","reference_id":"2404715","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2404715"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19927","reference_id":"RHSA-2025:19927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20957","reference_id":"RHSA-2025:20957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21220","reference_id":"RHSA-2025:21220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21232","reference_id":"RHSA-2025:21232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21633","reference_id":"RHSA-2025:21633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21634","reference_id":"RHSA-2025:21634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21634"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21702","reference_id":"RHSA-2025:21702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21795","reference_id":"RHSA-2025:21795","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21795"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21824","reference_id":"RHSA-2025:21824","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22011","reference_id":"RHSA-2025:22011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22012","reference_id":"RHSA-2025:22012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22030","reference_id":"RHSA-2025:22030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23347","reference_id":"RHSA-2025:23347","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23347"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23543","reference_id":"RHSA-2025:23543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0050","reference_id":"RHSA-2026:0050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0315","reference_id":"RHSA-2026:0315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0331","reference_id":"RHSA-2026:0331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0418","reference_id":"RHSA-2026:0418","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0424","reference_id":"RHSA-2026:0424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0425","reference_id":"RHSA-2026:0425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0426","reference_id":"RHSA-2026:0426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0676","reference_id":"RHSA-2026:0676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0701","reference_id":"RHSA-2026:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0995","reference_id":"RHSA-2026:0995","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0995"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10703","reference_id":"RHSA-2026:10703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1540","reference_id":"RHSA-2026:1540","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1540"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1730","reference_id":"RHSA-2026:1730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1942","reference_id":"RHSA-2026:1942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2034","reference_id":"RHSA-2026:2034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2106","reference_id":"RHSA-2026:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2343","reference_id":"RHSA-2026:2343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2456","reference_id":"RHSA-2026:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2681","reference_id":"RHSA-2026:2681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2695","reference_id":"RHSA-2026:2695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2754","reference_id":"RHSA-2026:2754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2762","reference_id":"RHSA-2026:2762","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2900","reference_id":"RHSA-2026:2900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2951","reference_id":"RHSA-2026:2951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2975","reference_id":"RHSA-2026:2975","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2975"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3391","reference_id":"RHSA-2026:3391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3391"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3416","reference_id":"RHSA-2026:3416","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3416"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4185","reference_id":"RHSA-2026:4185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4215","reference_id":"RHSA-2026:4215","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4531","reference_id":"RHSA-2026:4531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4532","reference_id":"RHSA-2026:4532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4533","reference_id":"RHSA-2026:4533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4693","reference_id":"RHSA-2026:4693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8325","reference_id":"RHSA-2026:8325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8433","reference_id":"RHSA-2026:8433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8433"},{"reference_url":"https://usn.ubuntu.com/7851-1/","reference_id":"USN-7851-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7851-1/"}],"fixed_packages":[],"aliases":["CVE-2025-52881","GHSA-cgrx-mc8f-2prm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxsf-mu1t-aqa4"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/buildah@2:1.41.6-1%3Farch=el9_7"}