CVE-2026-41163

Published: Mag 09, 2026 Last Modified: Mag 09, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitrarily use the privileged operations, and in particular the 'overlay mount' operation, allowing the creation of overlay mounts which is otherwise not allowed in the setuid version of bubblewrap. This issue has been patched in version 0.11.2.

269

Improper Privilege Management

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Gain Privileges Or Assume Identity

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Medium

View CWE Details

https://github.com/containers/bubblewrap/releases/tag/v0.11…

https://github.com/containers/bubblewrap/releases/tag/v0.11.2

https://github.com/containers/bubblewrap/security/advisorie…

https://github.com/containers/bubblewrap/security/advisories/GHSA-xq78-7hw4-5jvp

CVE-2026-41163

Description

Improper Privilege Management

Common Consequences

Applicable Platforms

Iscriviti alla newsletter