USN-8471-1: containerd vulnerabilities

Publication date

25 June 2026

Overview

Several security issues were fixed in containerd.


Packages

  • containerd - open and reliable container runtime library

Details

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS
frames. A remote attacker could possibly use this issue to cause containerd
to enter an infinite loop, resulting in a denial of service. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2026-33814)

Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly
handled group parsing when creating containers from images. An attacker
could possibly use this issue to cause containerd to consume excessive
memory, resulting in a denial of service. (CVE-2026-47262)

Robert Prast discovered that containerd incorrectly propagated labels
from image configurations to containers. An attacker could possibly use
this issue to execute arbitrary code on the host. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS
and Ubuntu 26.04 LTS. (CVE-2026-53488)


Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release       Package                                        Version
26.04 LTS resolute   golang-github-containerd-containerd-api-dev    1.7.24~ds1-10ubuntu1+esm1
                     golang-github-containerd-containerd-dev        1.7.24~ds1-10ubuntu1+esm1
24.04 LTS noble      golang-github-containerd-containerd-dev        1.6.24~ds1-1ubuntu1.3+esm3
22.04 LTS jammy      golang-github-containerd-containerd-dev        1.6.12-0ubuntu1~22.04.11
20.04 LTS focal      golang-github-containerd-containerd-dev        1.6.12-0ubuntu1~20.04.8+esm2
18.04 LTS bionic     containerd                                     1.6.12-0ubuntu1~18.04.1+esm4
                     golang-github-containerd-containerd-dev        1.6.12-0ubuntu1~18.04.1+esm4
16.04 LTS xenial     containerd                                     1.2.6-0ubuntu1~16.04.6+esm7
                     golang-github-docker-containerd-dev            1.2.6-0ubuntu1~16.04.6+esm7

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

