6 CVE-2026-1386
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges.
To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
https://nvd.nist.gov/vuln/detail/CVE-2026-1386
Categories
CWE-61
References
ff89ba41-3aa1-4d27-914a-91399e9639e5
| https://aws.amazon.com/security/security-bulletins/2026-003-AWS/ Vendor Advisory |
| https://github.com/firecracker-microvm/firecracker/releases/tag/v1.13.2 Release Notes Product |
| https://github.com/firecracker-microvm/firecracker/releases/tag/v1.14.1 Release Notes Product |
| https://github.com/firecracker-microvm/firecracker/security/advisories/GHSA-3... Vendor Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:amazon:firecracker:*:*:*:*:*:*:*:* | < 1.13.2 | |
| cpe:2.3:a:amazon:firecracker:1.14.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:amazon:firecracker:1.14.0:dev:*:*:*:*:*:* | ||
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
