The containerd maintainers shipped coordinated patches on May 20 — v2.3.1, v2.2.4, v2.0.9, and v1.7.32 — fixing CVE-2026-46680, a moderate-severity advisory that lets a crafted image bypass a pod’s runAsNonRoot restriction.
What the advisory covers
GHSA-fqw6-gf59-qr4w describes numeric User directives in OCI specs that exceed the 32-bit integer range. When the value falls outside that range, containerd parses it as a username instead, then resolves it against the image’s /etc/passwd. An image whose passwd file maps that string to UID 0 lands the container as root, even when the pod spec asked for a non-root numeric user. The advisory lists containerd v1.7.27+ and v2.0.4+ as affected.
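A defender-side check for the parsing fallback described above, added here as an example and not containerd's own code: it reconstructs the advisory's rule (a User value that is not a numeric 32-bit UID is treated as a name and resolved against the image's passwd file) and rejects an image config whose User would land the container at UID 0. The passwd content is constructed for the example, and treating negative or non-numeric values as names is an assumption of this check.

```go
package main

import (
	"bufio"
	"fmt"
	"math"
	"strconv"
	"strings"
)

// NumericUID reports whether the user part of an OCI config User value ("uid",
// "uid:gid", "name" or "name:group") is a numeric UID within the 32-bit range.
// Anything else (non-numeric, negative, above math.MaxInt32) is assumed here to
// fall back to a username lookup, as the advisory describes.
func NumericUID(user string) (int64, bool) {
	v, err := strconv.ParseInt(strings.SplitN(user, ":", 2)[0], 10, 64)
	if err != nil || v < 0 || v > math.MaxInt32 {
		return 0, false
	}
	return v, true
}

// ResolveInPasswd looks a name up in /etc/passwd-style content and returns its UID.
func ResolveInPasswd(passwd, name string) (int, bool) {
	sc := bufio.NewScanner(strings.NewReader(passwd))
	for sc.Scan() {
		if f := strings.Split(sc.Text(), ":"); len(f) >= 3 && f[0] == name {
			uid, err := strconv.Atoi(f[2])
			return uid, err == nil
		}
	}
	return 0, false
}

// CheckImageUser rejects an image whose User would start the container as root:
// an explicit UID 0, or a name (including an out-of-range number) that the
// image's own passwd file maps to UID 0. passwd is the image's /etc/passwd.
func CheckImageUser(user, passwd string) error {
	if uid, ok := NumericUID(user); ok {
		if uid == 0 {
			return fmt.Errorf("image User %q is root", user)
		}
		return nil
	}
	name := strings.SplitN(user, ":", 2)[0]
	if uid, found := ResolveInPasswd(passwd, name); found && uid == 0 {
		return fmt.Errorf("image User %q is not a 32-bit UID and resolves to UID 0", user)
	}
	return nil
}
```

Run it over each image's config and extracted /etc/passwd at admission time, alongside the numeric runAsUser the advisory recommends in the Pod security context.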
Other notable fixes
- AF_ALG is now blocked in the default seccomp socket policy, removing a kernel crypto API path from container processes.
- The overlayfs rebase capability is disabled when running in a user namespace, which had been breaking layer extraction.
- The sandbox task API now handles non-runc runtimes correctly; task fields in Runc options are deprecated.
- Metadata and mount plugin boltdb files now close cleanly on server shutdown.
- The transfer plugin no longer errors out when EROFS differ is configured without mkfs.erofs on the host.
Mitigations short of upgrading
The advisory lists restricting image imports to trusted sources, enforcing a numeric runAsUser in Pod security contexts, or upgrading to Kubernetes 1.34+ — which validates runAsUser independently of the runtime — as workarounds for clusters that cannot patch immediately. The 2.x branches also pick up Go 1.26.3 and bump the containerd API to v1.11.1.
Source: containerd security advisory GHSA-fqw6-gf59-qr4w — May 20, 2026.