Linuxfoundation Containerd — known CVE vulnerabilities
Every CVE whose affected-product data names Linuxfoundation Containerd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2026-50195 — CVSS 9.9 (critical): containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint…
CVE-2026-53492 — CVSS 9.6 (critical): containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts…
CVE-2026-53488 — CVSS 8.8 (high): containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates…
CVE-2021-43816 — CVSS 8.0 (high): containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with…
CVE-2026-46680 — CVSS 7.8 (high): containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric…
CVE-2021-41103 — CVSS 7.8 (high): containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd…
CVE-2022-23648 — CVSS 7.5 (high): containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1…
CVE-2025-47291 — CVSS 7.5 (high): containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in…
CVE-2024-25621 — CVSS 7.3 (high): containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and…
CVE-2026-53489 — CVSS 6.5 (medium): containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores…
CVE-2021-21334 — CVSS 6.3 (medium): In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI…
CVE-2023-25153 — CVSS 6.2 (medium): containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the…
CVE-2020-15157 — CVSS 6.1 (medium): In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container…
CVE-2025-47290 — CVSS 5.9 (medium): containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an…
CVE-2022-23471 — CVSS 5.7 (medium): containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the…
CVE-2025-64329 — CVSS 5.5 (medium): containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and…
CVE-2022-31030 — CVSS 5.5 (medium): containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container…
CVE-2026-47262 — CVSS 5.5 (medium): containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that…
CVE-2023-25173 — CVSS 5.3 (medium): containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary…
CVE-2020-15257 — CVSS 5.2 (medium): containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions…
CVE-2021-32760 — CVSS 5.0 (medium): containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a…
CVE-2024-40635 — CVSS 4.6 (medium): containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers…