CVE-2026-28909

Published: Apr 30, 2026

Modified: May 1, 2026

PUBLISHED

Description

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.

Vendor	Product	Versions
Apple	macOS	affected `0.12.1 - < 0.12.3`

References

https://github.com/apple/container/security/advisories/GHSA-m5rp-xcpf-r8m7

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-28909

Description

Affected Products

References