CVE-2026-57231

Name: CVE-2026-57231 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2026-57231

HIGH

CVSS v3.1: 7.5

NetworkNo privilegesNo user interactionInformation ExposureVendor advisory ref

Source data as of: 2026-06-27 05:07:21 UTC

At a glance

Severity: HIGH
CVSS: 7.5 v3.1 · NVD
EPSS: EPSS not provided by FIRST.org for this CVE
CISA KEV: No
Type: Information Exposure · NVD CWE
Attack conditions (CVSS vector): NetworkNo privilegesNo user interaction · Source: NVD Vector
Published: 2026-06-26 · Modified: 2026-06-27
References: Jump to references (2)

CVSS / EPSS / KEV

CVSS v3.1 7.5 / 10 HIGH Source: NVD

EPSS — EPSS not provided by FIRST.org for this CVE Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk (*) will cause podman to pass all host variables into the container. So essentially a malicious image can exfiltrate all podman environment variables that are set in the session from where the container is launched. This vulnerability is fixed in 5.8.4 and 6.0.0.

Record details

CVE ID: CVE-2026-57231
CVSS (v3.1): 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability subscore: 3.9
Impact subscore: 3.6
CISA KEV: No
Weakness (CWE): CWE-200, CWE-668
Affected configurations (CPE): 0
Published: 2026-06-26
Modified: 2026-06-27
Status: Undergoing Analysis

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

← Back to all records

CVE-2026-57231

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same weakness type (CWE)

Published the same year