{"schema_version":"1.7.2","id":"OESA-2026-1435","modified":"2026-02-28T12:44:16Z","published":"2026-02-28T12:44:16Z","upstream":["CVE-2026-24054"],"summary":"kata-containers security update","details":"This is core component of Kata Container, to make it work, you need a isulad/docker engine.\r\n\r\nSecurity Fix(es):\n\nKata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter directory for the container rootfs. When the Kata runtime attempts to mount the container rootfs, the bind mount causes the rootfs to be detected as a block device, leading to the underlying device being hotplugged to the guest. This can cause filesystem-level errors on the host due to double inode allocation, and may lead to the host's block device being mounted as read-only. Version 3.26.0 contains a patch for the issue.(CVE-2026-24054)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"kata-containers","purl":"pkg:rpm/openEuler/kata-containers&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.0-15.oe2403"}]}],"ecosystem_specific":{"aarch64":["kata-containers-3.2.0-15.oe2403.aarch64.rpm"],"src":["kata-containers-3.2.0-15.oe2403.src.rpm"],"x86_64":["kata-containers-3.2.0-15.oe2403.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1435"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24054"}],"database_specific":{"severity":"High"}}