<Vulnerability name="CVE-2026-57231">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Important</ThreatSeverity>
    <PublicDate>2026-06-26T16:29:02</PublicDate>
    <Bugzilla id="2493620" url="https://bugzilla.redhat.com/show_bug.cgi?id=2493620" xml:lang="en:us">
podman: Podman: Information disclosure via malicious container image environment variables
    </Bugzilla>
    <CVSS3 status="verified">
        <CVSS3BaseScore>7.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-914</CWE>
    <Details xml:lang="en:us" source="Mitre">
Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk (*) will cause podman to pass all host variables into the container. So essentially a malicious image can exfiltrate all podman environment variables that are set in the session from where the container is launched. This vulnerability is fixed in 5.8.4 and 6.0.0.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk (*), to trick Podman. This vulnerability causes Podman to pass host environment variables into the container. Consequently, a malicious image could exfiltrate all Podman environment variables set in the session from which the container is launched, leading to information disclosure.
    </Details>
    <Mitigation xml:lang="en:us">
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
    </Mitigation>
    <AffectedRelease cpe="cpe:/o:redhat:enterprise_linux:10.2">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <ReleaseDate>2026-07-09T00:00:00Z</ReleaseDate>
        <Advisory type="RHSA" url="https://access.redhat.com/errata/RHSA-2026:37072">RHSA-2026:37072</Advisory>
        <Package name="podman">podman-7:5.8.2-4.el10_2</Package>
    </AffectedRelease>
    <AffectedRelease cpe="cpe:/a:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <ReleaseDate>2026-07-13T00:00:00Z</ReleaseDate>
        <Advisory type="RHSA" url="https://access.redhat.com/errata/RHSA-2026:38504">RHSA-2026:38504</Advisory>
        <Package name="container-tools:rhel8">container-tools:rhel8-8100020260709093628.afee755d</Package>
    </AffectedRelease>
    <AffectedRelease cpe="cpe:/a:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <ReleaseDate>2026-07-09T00:00:00Z</ReleaseDate>
        <Advisory type="RHSA" url="https://access.redhat.com/errata/RHSA-2026:37123">RHSA-2026:37123</Advisory>
        <Package name="podman">podman-6:5.8.2-4.el9_8</Package>
    </AffectedRelease>
    <AffectedRelease cpe="cpe:/a:redhat:hummingbird:1">
        <ProductName>Red Hat Hardened Images</ProductName>
        <ReleaseDate>2026-06-25T00:00:00Z</ReleaseDate>
        <Advisory type="RHSA" url="https://access.redhat.com/errata/RHSA-2026:29954">RHSA-2026:29954</Advisory>
        <Package name="podman-main">podman-main-6.0.0-1.hum1</Package>
    </AffectedRelease>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>ansible-automation-platform-26/eda-controller-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>ansible-automation-platform-27/eda-controller-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>conmon</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>conmon</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Affected</FixState>
        <PackageName>podman</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>conmon</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift:4">
        <ProductName>Red Hat OpenShift Container Platform 4</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>conmon</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift:4">
        <ProductName>Red Hat OpenShift Container Platform 4</ProductName>
        <FixState>Affected</FixState>
        <PackageName>cri-o</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift:4">
        <ProductName>Red Hat OpenShift Container Platform 4</ProductName>
        <FixState>Affected</FixState>
        <PackageName>kata-containers</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift:4">
        <ProductName>Red Hat OpenShift Container Platform 4</ProductName>
        <FixState>Affected</FixState>
        <PackageName>podman</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift:4">
        <ProductName>Red Hat OpenShift Container Platform 4</ProductName>
        <FixState>Affected</FixState>
        <PackageName>rhcos</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift_devspaces:3">
        <ProductName>Red Hat OpenShift Dev Spaces</ProductName>
        <FixState>Affected</FixState>
        <PackageName>devspaces/udi-base-rhel10</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:container_native_virtualization:4">
        <ProductName>Red Hat OpenShift Virtualization 4</ProductName>
        <FixState>Affected</FixState>
        <PackageName>container-native-virtualization/ocp-virt-validation-checkup-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openstack:18.0">
        <ProductName>Red Hat OpenStack Platform 18.0</ProductName>
        <FixState>Affected</FixState>
        <PackageName>rhoso-operators/prometheus-podman-exporter-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:quay:3">
        <ProductName>Red Hat Quay 3</ProductName>
        <FixState>Affected</FixState>
        <PackageName>quay/quay-builder-rhel8</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:quay:3">
        <ProductName>Red Hat Quay 3</ProductName>
        <FixState>Affected</FixState>
        <PackageName>quay/quay-builder-rhel9</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-57231
https://nvd.nist.gov/vuln/detail/CVE-2026-57231
https://github.com/podman-container-tools/podman/commit/6c431b73dbf8e4b20b778644d7a80caebdb75050
https://github.com/podman-container-tools/podman/security/advisories/GHSA-4hq8-gpf5-8p68
    </References>
</Vulnerability>