Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2026-46680

Severity High
Score 7.3/10

Summary

A bug was found in containerd where containers launched with a numeric `User` directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an `/etc/passwd` file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes `runAsNonRoot` restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user. This issue affects containerd versions from 1.7.27 prior to 1.7.32, 2.0.4 prior to 2.0.9, 2.1.0-beta.0 prior to 2.2.4 and 2.3.0-beta.0 prior to 2.3.1.

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
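As an added defensive example (not containerd's own code), the Go functions below resolve a container `User` directive the way the advisory's fix intends: a digit-only token that does not fit in 32 bits is an error rather than a fallback name lookup, and the `runAsNonRoot` decision is made on the resolved UID, not on the raw string. The passwd contents in `main` are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// resolveUID maps the user part of a `User` directive ("uid", "uid:gid", "name",
// "name:group") to a UID using the given /etc/passwd contents. Hypothetical helper
// written for this advisory, not containerd's code. A purely numeric token that
// overflows 32 bits is rejected instead of being retried as a username.
func resolveUID(userSpec, passwd string) (uint32, error) {
	user, _, _ := strings.Cut(userSpec, ":")
	n, err := strconv.ParseUint(user, 10, 32)
	if err == nil {
		return uint32(n), nil
	}
	if errors.Is(err, strconv.ErrRange) {
		return 0, fmt.Errorf("numeric user %q does not fit in 32 bits", user)
	}
	// Non-numeric token: exact-name lookup over passwd lines "name:x:uid:gid:...".
	for _, line := range strings.Split(passwd, "\n") {
		f := strings.Split(line, ":")
		if len(f) < 3 || f[0] != user {
			continue
		}
		uid, err := strconv.ParseUint(f[2], 10, 32)
		if err != nil {
			return 0, fmt.Errorf("passwd entry for %q has bad uid %q", user, f[2])
		}
		return uint32(uid), nil
	}
	return 0, fmt.Errorf("user %q not found in passwd", user)
}

// checkRunAsNonRoot enforces the policy on the resolved UID, not on the User string.
func checkRunAsNonRoot(uid uint32) error {
	if uid == 0 {
		return errors.New("runAsNonRoot: container would run as uid 0")
	}
	return nil
}

func main() {
	// Constructed passwd: an entry named like an oversized number that maps to uid 0.
	uid, err := resolveUID("4294967296", "root:x:0:0:root:/root:/bin/sh\n4294967296:x:0:0::/:/bin/sh")
	fmt.Println(uid, err)
}
```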

References

Advisory Timeline

  • Published