Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-55686

CVE-2026-55686: Podman Race Condition Vulnerability

CVE-2026-55686 is a race condition vulnerability in Podman that allows malicious containers to modify host filesystem directories or ownership. This article covers the technical details, affected versions, and mitigation.

Published:

CVE-2026-55686 Overview

CVE-2026-55686 is a symlink handling vulnerability in Podman, an open-source tool for managing Open Container Initiative (OCI) containers and pods. A malicious container image with a WORKDIR value containing a symlink can cause Podman to create a directory or modify ownership on the host filesystem. The flaw affects versions from 3.0.0 up to (but not including) 5.7.1. Ownership modification requires a race condition assisted by an untrusted process mutating the host filesystem tree during path dereferencing. The vulnerability is tracked under [CWE-61: UNIX Symbolic Link (Symlink) Following] and is fixed in Podman 5.7.1.

Critical Impact

A malicious container image can create directories or alter file ownership on the host filesystem when Podman resolves a symlinked WORKDIR, breaking container isolation boundaries.

Affected Products

  • Podman versions 3.0.0 through 5.7.0
  • Podman deployments running untrusted or third-party container images
  • Container hosts using Podman for OCI container orchestration

Discovery Timeline

  • 2026-06-26 - CVE-2026-55686 published to NVD
  • 2026-06-26 - Last updated in NVD database

Technical Details for CVE-2026-55686

Vulnerability Analysis

The vulnerability resides in Podman's handling of the container WORKDIR directive. When Podman prepares a container for execution, it resolves the WORKDIR path and, if the directory does not exist, creates it. The resolution logic followed symbolic links without adequately confining the target to the container's root filesystem. A crafted image that specifies a WORKDIR pointing to a symlink escaping the container root causes Podman to operate on the host filesystem instead of the container mount namespace. Attackers can create arbitrary directories on the host or, under race conditions with a cooperating process, modify file ownership.

Root Cause

The root cause is unsafe symlink dereferencing in the resolveWorkDir() function within libpod/container_internal_common.go. The original isWorkDirSymlink() helper walked up to 40 symlink levels and validated whether the resolved target lived on a container volume or mount, but performed the dereference against host paths outside the container's chroot. The patch simplifies the resolution logic to constrain path traversal within the container root, eliminating the ability for a container-controlled symlink to reach the host.

Attack Vector

An attacker publishes or supplies a malicious OCI image whose image configuration sets WORKDIR to a symbolic link targeting a host path (for example, /etc or /var). When a victim runs the image with podman run, Podman resolves the symlink outside the container root and creates the directory on the host. To modify ownership, the attacker leverages a race condition against a concurrent process that mutates the filesystem tree during path resolution (a time-of-check to time-of-use pattern).

go
// Source: https://github.com/podman-container-tools/podman/commit/d18e44e9abb3bf5b7294aa70806e1368fdddfdd0
// Patch removes the unsafe isWorkDirSymlink() helper from libpod/container_internal_common.go

-// isWorkDirSymlink returns true if resolved workdir is symlink or a chain of symlinks,
-// and final resolved target is present either on  volume, mount or inside of container
-// otherwise it returns false.
-func (c *Container) isWorkDirSymlink(resolvedPath string) bool {
-	maxSymLinks := 0
-	// Linux only supports a chain of 40 links.
-	for maxSymLinks <= 40 {
-		resolvedSymlink, err := os.Readlink(resolvedPath)
-		if err != nil {
-			break
-		}
-		if resolvedSymlink != "" {
-			_, resolvedSymlinkWorkdir, _, err := c.resolvePath(c.state.Mountpoint, resolvedSymlink)
-			if isPathOnVolume(c, resolvedSymlinkWorkdir) || isPathOnMount(c, resolvedSymlinkWorkdir) {
-				return true
-			}
-		}
-	}
-}

Source: Podman commit d18e44e9

Detection Methods for CVE-2026-55686

Indicators of Compromise

  • Unexpected directories appearing on the host filesystem shortly after podman run or podman create invocations.
  • Ownership changes on host paths (for example, /etc, /var, /opt) that coincide with container startup events.
  • Container images whose OCI configuration declares a WORKDIR value containing symbolic link components or unusual absolute paths.

Detection Strategies

  • Inspect image configuration with podman inspect <image> --format '{{.Config.WorkingDir}}' before running untrusted images and flag non-standard values.
  • Enable filesystem audit rules (auditd) on sensitive host directories to record mkdir and chown operations attributable to the podman or conmon processes.
  • Correlate Podman event logs (podman events) with host filesystem change events to identify anomalous directory creation during container startup.

Monitoring Recommendations

  • Track Podman version inventory across hosts and alert on any instance running versions between 3.0.0 and 5.7.0.
  • Log and review the source registries of container images pulled onto Podman hosts to detect untrusted sources.
  • Monitor for privilege escalation attempts or unexpected ownership changes on host system paths using file integrity monitoring.

How to Mitigate CVE-2026-55686

Immediate Actions Required

  • Upgrade Podman to version 5.7.1 or later on all affected hosts.
  • Audit recently pulled container images and remove any from untrusted sources with suspicious WORKDIR configurations.
  • Restrict podman run and podman create privileges to trusted users and pipelines until patching is complete.

Patch Information

The fix is available in Podman 5.7.1. The patch simplifies resolveWorkDir() and removes the unsafe isWorkDirSymlink() helper so that WORKDIR resolution is confined to the container root filesystem. Refer to the GitHub Security Advisory GHSA-q6r4-3wmg-fwcq and the upstream commit d18e44e9 for authoritative patch details.

Workarounds

  • Run Podman in rootless mode where feasible to limit the blast radius of host filesystem writes.
  • Only pull and execute container images from verified, signed registries with image signature enforcement.
  • Inspect image manifests before execution and reject images that declare WORKDIR values containing symlink components or paths outside expected application directories.
bash
# Verify installed Podman version and upgrade
podman --version

# Fedora / RHEL
sudo dnf upgrade podman

# Debian / Ubuntu
sudo apt update && sudo apt install --only-upgrade podman

# Confirm the patched version is 5.7.1 or later
podman --version

# Inspect a suspicious image's WORKDIR before running
podman inspect <image> --format '{{.Config.WorkingDir}}'

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.