No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 30 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 29 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Gitea
Gitea act Runner |
|
| Vendors & Products |
Gitea
Gitea act Runner |
Sun, 28 Jun 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-opt unchanged. A user who can run a workflow on a Docker-backed runner can create a job container with host namespaces and broad capabilities and escape to the host as root despite privileged mode being disabled. | |
| Title | Gitea act_runner - Container Hardening Bypass via Workflow Container Options | |
| Weaknesses | CWE-269 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-30T14:12:50.255Z
Reserved: 2026-06-28T00:55:25.426Z
Link: CVE-2026-58053
Updated: 2026-06-30T14:12:46.102Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-29T20:05:47Z