runc
Safeguard articles tagged "runc" — guides, analysis, and best practices for software supply chain and application security.
17 articles
runc Container Breakout via /proc/self/exe Overwrite (CVE...
CVE-2019-5736 let a malicious container overwrite the host runc binary, escaping isolation to gain root on the Docker or Kubernetes host.
CVE-2025-31133 in runc: Patch Posture & SBOM Response
runc container-escape via /proc mount manipulation affects Docker, Kubernetes, and every CRI runtime. Defender playbook below.
Container runtime security (containerd/CRI-O) vulnerability roundup
Container runtime CVEs like the runc Leaky Vessels flaw and CRI-O's cr8escape show how containerd and CRI-O bugs turn into full host takeovers.
CVE-2024-21626: runc process.cwd Container Breakout Deep ...
A technical breakdown of CVE-2024-21626, the runc process.cwd() flaw enabling container breakout to host access, with detection and remediation guidance.
Container Runtime Security Comparison: runc, gVisor, Kata, and Firecracker
Your container runtime determines the strength of your isolation boundary. Here is an honest comparison of runc, gVisor, Kata Containers, and Firecracker from a security perspective.