QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-41163

Back to search

CVE-2026-41163

Published: May 9, 2026

Modified: May 13, 2026

PUBLISHED

Description

bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitrarily use the privileged operations, and in particular the "overlay mount" operation, allowing the creation of overlay mounts which is otherwise not allowed in the setuid version of bubblewrap. This issue has been patched in version 0.11.2.

VendorProductVersions

containers

bubblewrap

affected
>= 0.11.0, < 0.11.2

Weaknesses (CWE)

CWE-269

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now