Apple: >> Container >> 0.1.0 Security Vulnerabilities
Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-04-30
The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-23