CVE-2026-30892 PUBLISHED

Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation

Assigner: GitHub_M
Reserved: 06.03.2026 Published: 25.03.2026 Updated: 25.03.2026

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u (--user) is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
CVSS Score: 0

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	containers
Product	crun
Versions	Version >= 1.19, < 1.27 is affected

References

https://github.com/containers/crun/security/advisories/GHSA-4vg2-xjqj-7chj
https://github.com/containers/crun/commit/1bd7f42446999b0e76bc3d575392e05c943b0b01
https://github.com/containers/crun/releases/tag/1.27

Problem Types

CWE-269: Improper Privilege Management CWE