{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24835", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-27T14:51:03.058Z", "datePublished": "2026-01-28T20:42:29.508Z", "dateUpdated": "2026-01-28T21:21:17.125Z"}, "containers": {"cna": {"title": "Podman Desktop Extension System Vulnerable to Authentication Bypass", "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "lang": "en", "description": "CWE-285: Improper Authorization", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9m"}, {"name": "https://drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/view?usp=sharing", "tags": ["x_refsource_MISC"], "url": "https://drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/view?usp=sharing"}], "affected": [{"vendor": "podman-desktop", "product": "podman-desktop", "versions": [{"version": "< 1.25.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-28T20:42:29.508Z"}, "descriptions": [{"lang": "en", "value": "Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The `isAccessAllowed()` function unconditionally returns `true`, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop. Version 1.25.1 contains a patch for the issue."}], "source": {"advisory": "GHSA-v3fx-qg34-6g9m", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T21:20:22.275211Z", "id": "CVE-2026-24835", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T21:21:17.125Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24835", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-28T21:20:22.275211Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T21:21:12.764Z"}}], "cna": {"title": "Podman Desktop Extension System Vulnerable to Authentication Bypass", "source": {"advisory": "GHSA-v3fx-qg34-6g9m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "podman-desktop", "product": "podman-desktop", "versions": [{"status": "affected", "version": "< 1.25.1"}]}], "references": [{"url": "https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9m", "name": "https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/view?usp=sharing", "name": "https://drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/view?usp=sharing", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The `isAccessAllowed()` function unconditionally returns `true`, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop. Version 1.25.1 contains a patch for the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285: Improper Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-28T20:42:29.508Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24835", "state": "PUBLISHED", "dateUpdated": "2026-01-28T21:21:17.125Z", "dateReserved": "2026-01-27T14:51:03.058Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-28T20:42:29.508Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:podman_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E8A8FE8-FF23-40F4-A6E8-E118CD12F2BE", "versionEndExcluding": "1.25.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The `isAccessAllowed()` function unconditionally returns `true`, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop. Version 1.25.1 contains a patch for the issue."}], "id": "CVE-2026-24835", "lastModified": "2026-03-02T18:27:31.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-28T21:16:12.947", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/view?usp=sharing"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "podman-desktop: Podman Desktop: Authentication bypass allows malicious extensions to gain unauthorized access.", "id": "2434657", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434657"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-305", "details": ["Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The `isAccessAllowed()` function unconditionally returns `true`, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop. Version 1.25.1 contains a patch for the issue.", "A flaw was found in Podman Desktop, where an authentication bypass vulnerability allows any malicious extension to completely circumvent permission checks. By exploiting a flaw where the `isAccessAllowed()` function unconditionally returns `true`, an attacker can gain unauthorized access to all authentication sessions. This enables malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization."], "name": "CVE-2026-24835", "package_state": [{"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Not affected", "package_name": "rhdesktop/rh-podman-desktop-ext-bootc-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Not affected", "package_name": "rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Not affected", "package_name": "rhdesktop/rh-podman-desktop-ext-redhat-account-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Not affected", "package_name": "rhdesktop/rh-podman-desktop-ext-rhel-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Not affected", "package_name": "rhdesktop/rh-podman-desktop-ext-sandbox-rhel10", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}, {"cpe": "cpe:/a:redhat:podman_desktop:0", "fix_state": "Affected", "package_name": "Security", "product_name": "Red Hat Build of Podman Desktop - Tech Preview"}], "public_date": "2026-01-28T20:42:29Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-24835\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-24835\nhttps://drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/view?usp=sharing\nhttps://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9m"], "statement": "Red Hat believes this flaw to be of Moderate impact because the vulnerability only allows an attacker to gain access to local sessions and requires user interaction in the form of downloading and installing a malicious extension.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-18T01:37:34.174350+00:00", "value": {"mitigation_remediation": ["Upgrade Podman Desktop to version\u202f1.25.1 or later to install the vendor\u2011supplied fix.", "Remove or disable any non\u2011trusted or unfamiliar extensions before the update.", "Configure the application to allow only signed extensions and enforce strict permission checks for new extensions."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized access via authentication bypass"}, "threat_synthesis": {"affected_systems": "The flaw affects all editions of Podman Desktop released before version\u202f1.25.1. The Linux Foundation\u2019s Podman Desktop product is the only vendor listed. A patch that resolves the issue is available in release\u202f1.25.1 and later.", "description_and_impact": "Podman Desktop includes a critical authentication bypass flaw that allows any installed extension to override native permission checks by calling isAccessAllowed() which always returns true. This enables a malicious extension to impersonate any user, hijack all authentication sessions, and access sensitive resources such as containers and Kubernetes configurations. The vulnerability is categorized as an improper authorization and missing authentication weakness. The impact is the complete loss of user isolation and the ability to compromise any resources the user was permitted to reach.", "risk_and_exploitability": "The CVSS score of 8.8 reflects a high severity, while the EPSS score of less than 1\u202f% indicates a low probability of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog. Because any extension can trigger the bypass, a local or user\u2011initiated attack is the most plausible path. Even though exploitation likelihood is low, the potential to compromise all authenticated sessions warrants immediate action."}}}}, "created": "2026-01-29T09:08:29.358898+00:00", "updated": "2026-04-18T01:45:33.396614+00:00", "vendors": ["podman-desktop", "podman-desktop$PRODUCT$podman-desktop"]}