CNNVD-202601-3943 Information
CNNVD ID
CNNVD-202601-3943
Related CVE
-
CNNVD Published: 2026-01-23
Description (Chinese)
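Firecracker is an open-source micro virtual machine (microVM) for serverless computing from firecracker-microvm. Firecracker v1.13.1 and earlier versions, and version 1.14.0, contain a security vulnerability that stems from a UNIX symbolic link following issue in the jailer component, which may allow a local host user to overwrite arbitrary host files.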
Description (English)
Firecracker is an open-source microVM for serverless computing, maintained by firecracker-microvm. Firecracker v1.13.1 and earlier, as well as v1.14.0, are affected by a vulnerability caused by UNIX symlink following in the jailer component, which may allow a local host user to overwrite arbitrary files on the host.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
firecracker-microvm
Published
2026-01-23
Last Modified
2026-02-24
References
https://aws.amazon.com/security/security-bulletins/2026-003-AWS/
https://github.com/firecracker-microvm/firecracker/releases/tag/v1.13.2
https://github.com/firecracker-microvm/firecracker/releases/tag/v1.14.1
https://github.com/firecracker-microvm/firecracker/security/advisories/GHSA-36j2-f825-qvgc
Patch
https://github.com/firecracker-microvm/firecracker/releases