Affected by GO-2025-3528
and 7 other vulnerabilities
GO-2025-3528: containerd has an integer overflow in User ID handling in github.com/containerd/containerd
GO-2025-4100: containerd affected by a local privilege escalation via wide permissions on CRI directory in github.com/containerd/containerd
GO-2025-4108: containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd
GO-2026-5064: containerd CRI checkpoint restore CDI annotation smuggling in github.com/containerd/containerd
GO-2026-5338: containerd: CRI checkpoint import allows local image tag poisoning in github.com/containerd/containerd
GO-2026-5475: containerd image-triggered runtime DoS via unbounded group parsing in github.com/containerd/containerd
GO-2026-5622: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore in github.com/containerd/containerd
GO-2026-5758: containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull in github.com/containerd/containerd
type Config struct {
// Root directory for the plugin RootPath string `toml:"root_path"`
// ScratchFile is the scratch block file to use as an empty block ScratchFile string `toml:"scratch_file"`
// FSType is the filesystem type for the mount FSType string `toml:"fs_type"`
// MountOptions are options used for the mount MountOptions []string `toml:"mount_options"`
}
Config represents configuration for the native plugin.