buildah: Unprivileged users can escalate their privileges

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

buildah: Unprivileged users can escalate their privileges

RHSA-2026:3298

Summary

An update is available to fix a security issue in buildah that could allow an attacker with elevated privileges to gain even more access to the system. This affects users who use buildah on Red Hat Enterprise Linux systems. To stay secure, update your system with the latest package.

What to do

Update redhat buildah to version 2:1.41.8-2.el9_7.
Update redhat buildah-debuginfo to version 2:1.41.8-2.el9_7.
Update redhat buildah-debugsource to version 2:1.41.8-2.el9_7.
Update redhat buildah-tests to version 2:1.41.8-2.el9_7.
Update redhat buildah-tests-debuginfo to version 2:1.41.8-2.el9_7.

Affected software

Vendor	Product	Affected versions	Fix available
redhat	buildah	<= 2:1.41.8-2.el9_7	2:1.41.8-2.el9_7
redhat	buildah-debuginfo	<= 2:1.41.8-2.el9_7	2:1.41.8-2.el9_7
redhat	buildah-debugsource	<= 2:1.41.8-2.el9_7	2:1.41.8-2.el9_7
redhat	buildah-tests	<= 2:1.41.8-2.el9_7	2:1.41.8-2.el9_7
redhat	buildah-tests-debuginfo	<= 2:1.41.8-2.el9_7	2:1.41.8-2.el9_7

Original title

Red Hat Security Advisory: buildah security update

osv CVSS3.1 7.5

https://access.redhat.com/errata/RHSA-2026:3298 Vendor Advisory
https://access.redhat.com/security/updates/classification/#important Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2418462 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2434432 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2437111 Third Party Advisory
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3298.j... Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-61726 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-61726 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-61726 Vendor Advisory
https://go.dev/cl/736712 Third Party Advisory
https://go.dev/issue/77101 Third Party Advisory
https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc Third Party Advisory
https://pkg.go.dev/vuln/GO-2026-4341 Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-61729 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-61729 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-61729 Vendor Advisory
https://go.dev/cl/725920 Third Party Advisory
https://go.dev/issue/76445 Third Party Advisory
https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 Third Party Advisory
https://pkg.go.dev/vuln/GO-2025-4155 Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-68121 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-68121 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-68121 Vendor Advisory
https://go.dev/cl/737700 Third Party Advisory
https://go.dev/issue/77217 Third Party Advisory
https://groups.google.com/g/golang-announce/c/K09ubi9FQFk Third Party Advisory
https://pkg.go.dev/vuln/GO-2026-4337 Vendor Advisory

Published: 25 Feb 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026