CVE-2024-21626: runc Container Escape (Leaky Vessels)

Score: 8.6
HIGH
Published: 2024-01-31Affected: runc ≀ 1.1.11CWE-403 β†—

What is the Leaky Vessels container escape?

A container escape vulnerability in runc (the container runtime used by Docker, Kubernetes, and containerd). An attacker can break out of a container by exploiting a file descriptor leak in the process working directory, gaining access to the host filesystem.

Impact & Exploitation

Affects nearly all container deployments using runc. Enables full host compromise from within a container. Part of the "Leaky Vessels" family of container escape vulnerabilities.

Related Resources

πŸ”— External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS8.6
SeverityHIGH
CWECWE-403
Published2024-01-31

Tags

containerdockerkubernetesescape

Quick Links

Is your system affected?

Precogs AI detects runc Container Escape (Leaky Vessels) in compiled binaries and firmware β€” even without source code.

Request Deep Analysis

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2024-21626 runc Container Escape (Leaky Vessels) don’t just exist in source code β€” they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack β€” even when source code isn’t available.

Request Deep AnalysisBook a demo