← back
CVE-2026-28909

CVE-2026-28909

CVSS 6.5 MEDIUMEPSS 0.2%CWE-522
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Apr 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products
Apple · macOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/apple/container/security/advisories/GHSA-m5rp-xcpf-r8m7