Critical DoS Vulnerabilities in Fedora 43 Podman, Buildah, and Skopeo

Critical DoS Vulnerabilities in Fedora 43 Podman, Buildah, and Skopeo

First seen 17 Apr 2026, 05:30 UTC Linuxsecurity 80% similarity 72.8

Article Content

Browse articles
ThreatCluster

On April 6, 2026, CVE-2026-34986 was published, revealing a critical denial of service vulnerability affecting Fedora 43's Podman, Buildah, and Skopeo tools. This vulnerability allows attackers to exploit crafted JSON Web Encryption (JWE) objects, potentially leading to service disruptions. Users of Fedora 43 are urged to update their systems to mitigate this risk. The affected packages include skopeo version 1.22.2, podman version 5.8.2, and buildah version 1.43.1, all of which received automatic updates. The updates were released on April 14, 2026, and users can apply them using the 'dnf' update program. The vulnerability poses a significant threat to systems relying on these container management tools. Security teams should prioritize applying the updates to prevent potential exploitation.

Key Points: • CVE-2026-34986 exposes critical DoS vulnerabilities in Fedora 43 tools. • Affected packages include Podman, Buildah, and Skopeo, requiring immediate updates. • Exploitation involves crafted JSON Web Encryption (JWE) objects.

ThreatCluster AI

Timeline

2026-04-06
CVE-2026-34986 published
2026-04-14
Automatic updates released for affected packages
2026-04-17
Articles published detailing the vulnerabilities

Community

Browse all →