Meet k0smotron 1.0 - the future of Kubernetes cluster management   Learn More


Security patch available for container escape vulnerability affecting Mirantis Container Runtime and Mirantis Kubernetes Engine


Mirantis has patched a container escape vulnerability in runc (CVE-2024-21626) that allows hackers to compromise the host filesystem and cause container breakouts. The vulnerability, which is rated high severity by the National Institute of Standards and Technology and Open Container Initiative, results from an internal file descriptor leak. The flaw affects Mirantis Container Runtime (MCR) and Mirantis Kubernetes Engine (MKE) through the use of the runc application to launch containers.

Mirantis fixes CVEs impacting MCR and MKE promptly to ensure a secure operating environment for our customers. While MCR requires an updated software release to fix this issue, the risk to MKE can be remediated without an updated version of MKE. MKE customers who use MCR as the container runtime should immediately upgrade to MCR version 23.0.9-1 to ensure security against this CVE, though an update to MKE itself is not required.

Further technical information on the vulnerability as well as how to upgrade and secure your MCR deployment can be found in the MCR Technical Bulletin. Likewise, information on securing MKE can be found in the MKE Technical Bulletin.

Mirantis has also prepared a security patch for k0s.

Brad Fewster

Brad Fewster is a Sr. Engineering Manager at Mirantis.

Mirantis simplifies Kubernetes.

From the world’s most popular Kubernetes IDE to fully managed services and training, we can help you at every step of your K8s journey.

Connect with a Mirantis expert to learn how we can help you.

Contact Us


Cloud Native & Coffee

Subscribe to our bi-weekly newsletter for exclusive interviews, expert commentary, and thought leadership on topics shaping the cloud native world.