CVE-2026-47262
Publication date 22 June 2026
Last updated 9 July 2026
Ubuntu priority
Cvss 3 Severity Score
Description
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| containerd | 26.04 LTS resolute |
Fixed 1.7.24~ds1-10ubuntu1+esm1
|
| 24.04 LTS noble |
Fixed 1.6.24~ds1-1ubuntu1.3+esm3
|
|
| 22.04 LTS jammy |
Fixed 1.6.12-0ubuntu1~22.04.11
|
|
| 20.04 LTS focal |
Fixed 1.6.12-0ubuntu1~20.04.8+esm2
|
|
| 18.04 LTS bionic |
Fixed 1.6.12-0ubuntu1~18.04.1+esm4
|
|
| containerd-app | 26.04 LTS resolute |
Fixed 2.2.2-0ubuntu1.1
|
| 24.04 LTS noble |
Fixed 2.2.1-0ubuntu1~24.04.3
|
|
| 22.04 LTS jammy |
Fixed 2.2.1-0ubuntu1~22.04.2
|
|
| 20.04 LTS focal |
Fixed 1.7.24-0ubuntu1~20.04.2+esm2
|
|
| containerd-stable | 26.04 LTS resolute |
Fixed 2.2.2-0ubuntu1.1
|
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialNotes
alexmurray
Traditionally the containerd source package contained both the library and docker application. However, in releases that contain the containerd-app source package, the containerd source package contains only the library whilst the docker application itself is contained in the containerd-app package.
mdeslaur
containerd-app gets new upstream versions, containerd-stable gets backported security updates and minor point updates
Patch details
| Package | Patch details |
|---|---|
| containerd |
|
| containerd-app |
|
| containerd-stable |
Severity score breakdown
CVSS version:
Base score
5.3 · Medium
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Base score
5.5 · Medium
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
Related Ubuntu Security Notices (USN)
- USN-8472-1
- containerd vulnerabilities
- 25 June 2026
- USN-8471-1
- containerd vulnerabilities
- 25 June 2026
- USN-8473-1
- containerd vulnerabilities
- 25 June 2026