CVE-2026-53492
Bulletin ID: 2026-046-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/18/2026 17:30 PM PDT Description: containerd is an open-source container runtime used by Kubernetes via the Container Runtime Interface (CRI) plugin. It underpins AWS managed container services including Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), AWS Fargate, Bottlerocket, and Amazon Linux. AWS identified five issues in the containerd CRI plugin affecting versions 1.7 through 2.3. - CVE-2026-50195 (GHSA-cvxm-645q-p574) - CRI checkpoint import, local image tag poisoning - CVE-2026-53488 (GHSA-xhf5-7wjv-pqxp) - image-config LABEL -> host-root command exec - CVE-2026-53492 (GHSA-33vj-92qq-66hc) - CDI annotation smuggling during checkpoint restore - CVE-2026-53489 (GHSA-rgh6-rfwx-v388) - arbitrary host file read via symlink in checkpoint restore - CVE-2026-47262 (GHSA-jpcc-p29g-p8mq) - image-triggered runtime DoS Impacted versions: containerd 1.7, 2.0, 2.1, 2.2, 2.3 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
CSIRTS triage
- What
- Multiple issues identified in the containerd CRI plugin could lead to various security concerns.
- Who is affected
- Users of containerd versions 1.7 through 2.3.
- Urgency
- Remediation is important as these issues could affect container security.
- Action
- Update to the latest version of containerd.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-53492
Get an email if CVE-2026-53492 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.41% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 33% of all EPSS-scored CVEs.
Advisory coverage (3)
- high[UPDATE] [high] Google Cloud Platform (GKE containerd): Multiple vulnerabilitiescert-bund · 2026-07-10
- criticalCVE-2026-53492: containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, t…nvd · 2026-07-01
- unknownIssue with containerd CRI Plugin - CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, CVE-2026-47…aws · 2026-06-19
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-53492)