Every CVE whose affected-product data names Crun Project Crun, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2019-18837 — CVSS 8.6 (high): An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in…
CVE-2022-27650 — CVSS 7.5 (high): A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby…
CVE-2026-30892 — CVSS 0.0 (none): crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is…