Safeguard
Tag

containerd

Safeguard articles tagged "containerd" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Container Security

Container Runtime Comparison: A 2026 Buyer's Guide

A practical container runtime comparison for 2026 buyers: containerd, CRI-O, gVisor, Kata, and Youki measured against real production workloads.

Mar 18, 20265 min read
Vulnerability Analysis

containerd-shim abstract Unix socket container escape (CVE-2020-15257)

CVE-2020-15257 let containers sharing a host network namespace abuse containerd-shim's abstract socket API. Here's the impact, fix, and remediation path.

Jan 9, 20267 min read
Vulnerability Analysis

containerd CRI plugin mount escape (CVE-2022-23648)

CVE-2022-23648 let crafted pod volume specs bypass containerd's CRI mount isolation to reach arbitrary host files — versions, severity, and fixes.

Jan 8, 20266 min read
Vulnerability Analysis

containerd-shim Abstract Unix Socket Exposure Enabling Co...

CVE-2020-15257 lets processes in host-networked containers reach the containerd-shim socket and escape to the host. Impact, affected versions, and fixes explained.

Nov 21, 20258 min read
Cloud Security

Container runtime security (containerd/CRI-O) vulnerability roundup

Container runtime CVEs like the runc Leaky Vessels flaw and CRI-O's cr8escape show how containerd and CRI-O bugs turn into full host takeovers.

Nov 2, 20257 min read
Container Security

CRI-O vs containerd: Security Comparison

Both are CNCF graduated runtimes. Both run production clusters. Their security properties diverge in ways that matter for hardened environments.

Aug 22, 20246 min read
Container Security

containerd Security Configuration Guide

containerd runs most of Kubernetes today. Its defaults are reasonable, but reasonable is not hardened. Here is how to close the gaps.

May 12, 20246 min read
containerd — Safeguard Blog