Incorrect User ID Parsing in crun Containers
CVE-2026-30892
Summary
crun versions 1.19 through 1.26 incorrectly parse the `-u` (`--user`) option of `crun exec`, so a process can run with higher privileges than intended. This could lead to unauthorized access to system resources. Upgrade to version 1.27 to fix the issue.
Original title
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 ...
Original description
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.
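A host-side check for the affected range stated above, as an added example that is not part of the original advisory or the crun project. The function name is hypothetical; the `crun version X.Y.Z` banner format of `crun --version` and the treatment of point releases such as 1.26.x as affected are assumptions.

```shell
#!/bin/sh
# Added example: classify a crun version against the range this advisory
# gives as affected (1.19 through 1.26; 1.27 carries the fix).

# crun_cve_2026_30892_status VERSION
#   VERSION is a bare version ("1.24.1") or the output of `crun --version`
#   (assumed to begin with "crun version X.Y[.Z]").
#   Prints one of: affected, not-affected, unknown.
#   Assumption: every 1.19.x to 1.26.x point release counts as affected.
crun_cve_2026_30892_status() {
    v=${1#crun version }          # drop the banner prefix if present
    case "$v" in
        [0-9]*.[0-9]*) ;;         # need at least MAJOR.MINOR
        *) echo unknown; return 0 ;;
    esac
    major=${v%%.*}                # text before the first dot
    rest=${v#*.}                  # text after the first dot
    minor=${rest%%[!0-9]*}        # leading digits of that remainder
    case "$major" in
        *[!0-9]*) echo unknown; return 0 ;;
    esac
    [ -n "$minor" ] || { echo unknown; return 0; }
    if [ "$major" -eq 1 ] && [ "$minor" -ge 19 ] && [ "$minor" -le 26 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Report on the locally installed runtime, if there is one.
if command -v crun >/dev/null 2>&1; then
    echo "installed crun: $(crun_cve_2026_30892_status "$(crun --version)")"
fi
```

Where a container is already running, the parsing itself can be confirmed directly: `crun exec -u 1 <container-id> id -u` should print 1 on a fixed build.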
NVD CVSS 3.1
0.0
Vulnerability type
CWE-269
Improper Privilege Management
Published: 26 Mar 2026 · Updated: 26 Mar 2026 · First seen: 26 Mar 2026