CVE-2026-58053
CVSS score: 🔴 Critical 9.4 (v4.0)
Published: 2026-06-27
Source: NVD
Status: Deferred
Description (translated from Chinese)
Gitea act_runner (through act 0.262.0) passes the workflow's container.options string to the Docker job container's HostConfig. When configured with privileged: false, it only turns off the Privileged flag while still merging options such as --pid=host, --cap-add and --security-opt, which can lead to container privilege escalation.
Description (EN)
Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-opt unchanged. A user who can run a workflow on a Docker-backed runner can create a job container with host namespaces and broad capabilities and escape to the host as root despite privileged mode being disabled.
References
—
Auto-synced from NVD | 2026-06-29