Red Hat Enterprise Linux crun Privilege Escalation Vulnerability, CVSS 7.8

CERT-Bund Security Advisories (wid.cert-bund.de)

Summary

CERT-Bund issued a security advisory regarding a high-severity vulnerability (CVSS 7.8) in the crun container runtime in Red Hat Enterprise Linux. The flaw allows a local attacker to escalate privileges on affected systems. The advisory lists Red Hat Enterprise Linux <9 and <10 as affected. System administrators should apply available mitigations or updates immediately.

What changed

CERT-Bund published a security advisory identifying a privilege escalation vulnerability in Red Hat Enterprise Linux's crun container runtime component. The vulnerability carries a CVSS Base Score of 7.8 (high severity) and allows a local attacker to elevate their privileges on affected systems. Mitigation measures are available and should be deployed immediately.

Organizations running affected Red Hat Enterprise Linux versions (listed as <9 and <10) must prioritize patching or applying vendor-recommended mitigations. Because this is a local rather than remote privilege escalation vulnerability, the immediate risk is to multi-user systems where untrusted local users may have access. Security teams should treat this as a priority update in their patch management workflows.

What to do next

  1. Apply available patches or mitigations for the Red Hat Enterprise Linux crun vulnerability
  2. Identify and update all affected RHEL systems (versions <9 and <10)
  3. Review systems for signs of exploitation, given the local privilege escalation capability

Archived snapshot

Apr 8, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

[WID-SEC-2026-0966] Red Hat Enterprise Linux (crun): Vulnerability allows privilege escalation

  • CVSS Base Score: 7.8 (high)
  • CVSS Temporal Score: 6.8 (medium)
  • Remote attack: no
  • Date: 06.04.2026
  • Last updated: 07.04.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • UNIX

Product description

Red Hat Enterprise Linux (RHEL) is a popular Linux distribution.

Products

06.04.2026

  • Red Hat Enterprise Linux <10
  • Red Hat Enterprise Linux <9

Attack

A local attacker can exploit a vulnerability in Red Hat Enterprise Linux (crun) to escalate their privileges.


About this page

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.

What's AI-generated?

The plain-English summary, classification, and "what to do next" steps are AI-generated from the original text. Cite the source document, not the AI analysis.

Classification

  • Agency: CERT-Bund
  • Published: April 6th, 2026
  • Instrument: Guidance
  • Legal weight: Non-binding
  • Stage: Final
  • Change scope: Substantive
  • Document ID: WID-SEC-2026-0966

Who this affects

  • Applies to: Technology companies, Government agencies, Users
  • Industry sector: 5112 Software & Technology
  • Activity scope: Vulnerability patching, Server administration, Container runtime security
  • Geographic scope: Germany (DE)

Taxonomy

  • Primary area: Cybersecurity
  • Operational domain: IT Security
  • Compliance frameworks: NIST CSF
  • Topics: Data Privacy
