{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-55686", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-06-17T00:13:10.650Z", "datePublished": "2026-06-26T16:30:41.345Z", "dateUpdated": "2026-06-26T18:31:36.842Z"}, "containers": {"cna": {"title": "Podman: WORKDIR symlink traversal vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-61", "lang": "en", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/podman-container-tools/podman/security/advisories/GHSA-q6r4-3wmg-fwcq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/podman-container-tools/podman/security/advisories/GHSA-q6r4-3wmg-fwcq"}, {"name": "https://github.com/podman-container-tools/podman/commit/d18e44e9abb3bf5b7294aa70806e1368fdddfdd0", "tags": ["x_refsource_MISC"], "url": "https://github.com/podman-container-tools/podman/commit/d18e44e9abb3bf5b7294aa70806e1368fdddfdd0"}], "affected": [{"vendor": "podman-container-tools", "product": "podman", "versions": [{"version": ">= 3.0.0, < 5.7.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-26T16:30:41.345Z"}, "descriptions": [{"lang": "en", "value": "Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree during dereferencing of the WORKDIR path, to trigger a race condition. This vulnerability is fixed in 5.7.1."}], "source": {"advisory": "GHSA-q6r4-3wmg-fwcq", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/podman-container-tools/podman/security/advisories/GHSA-q6r4-3wmg-fwcq", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-26T18:31:12.071003Z", "id": "CVE-2026-55686", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-26T18:31:36.842Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-55686", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-26T18:31:12.071003Z"}}}], "references": [{"url": "https://github.com/podman-container-tools/podman/security/advisories/GHSA-q6r4-3wmg-fwcq", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-26T18:31:32.567Z"}}], "cna": {"title": "Podman: WORKDIR symlink traversal vulnerability", "source": {"advisory": "GHSA-q6r4-3wmg-fwcq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "podman-container-tools", "product": "podman", "versions": [{"status": "affected", "version": ">= 3.0.0, < 5.7.1"}]}], "references": [{"url": "https://github.com/podman-container-tools/podman/security/advisories/GHSA-q6r4-3wmg-fwcq", "name": "https://github.com/podman-container-tools/podman/security/advisories/GHSA-q6r4-3wmg-fwcq", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/podman-container-tools/podman/commit/d18e44e9abb3bf5b7294aa70806e1368fdddfdd0", "name": "https://github.com/podman-container-tools/podman/commit/d18e44e9abb3bf5b7294aa70806e1368fdddfdd0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree during dereferencing of the WORKDIR path, to trigger a race condition. This vulnerability is fixed in 5.7.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-61", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-26T16:30:41.345Z"}}}, "cveMetadata": {"cveId": "CVE-2026-55686", "state": "PUBLISHED", "dateUpdated": "2026-06-26T18:31:36.842Z", "dateReserved": "2026-06-17T00:13:10.650Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-26T16:30:41.345Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "github.com/containers/podman: Podman: Host filesystem modification via malicious container image WORKDIR symlink", "id": "2493624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493624"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-59", "details": ["Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree during dereferencing of the WORKDIR path, to trigger a race condition. This vulnerability is fixed in 5.7.1.", "A flaw was found in Podman. A remote attacker can exploit this vulnerability by running a malicious container image where the WORKDIR (working directory) path contains a symbolic link (symlink). This can lead to the creation of a directory or modification of ownership on the host filesystem, potentially impacting system integrity."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-55686", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/eda-controller-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-27/eda-controller-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "container-tools:rhel8/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Fix deferred", "package_name": "podman", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "podman", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Fix deferred", "package_name": "container-native-virtualization/ocp-virt-validation-checkup-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-builder-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-builder-rhel9", "product_name": "Red Hat Quay 3"}], "public_date": "2026-06-26T16:30:41Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-55686\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-55686\nhttps://github.com/podman-container-tools/podman/commit/d18e44e9abb3bf5b7294aa70806e1368fdddfdd0\nhttps://github.com/podman-container-tools/podman/security/advisories/GHSA-q6r4-3wmg-fwcq"], "statement": "A flaw was found in Podman where running a malicious container image with a WORKDIR path containing a symlink can create directories or modify ownership on the host filesystem. Exploitation requires the user to pull and run a specifically crafted malicious container image. Red Hat rates this as Moderate impact, consistent with the upstream assessment, because the attack requires a malicious image and the most severe outcome (ownership modification) requires additional help from an underprivileged user namespace.", "threat_severity": "Moderate"}