CVE-2026-28909

MEDIUM CVSS 6.5 View on NVD ↗

Description

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

https://github.com/apple/container/security/advisories/GHSA-m5rp-xcpf-r8m7

Published: Apr 30, 2026 23:16 UTC Modified: May 01, 2026 15:26 UTC