Skip to content

Fix HIGH-severity containerd CVEs#2702

Merged
Aryan-sharma11 merged 1 commit into
kubearmor:mainfrom
sagarkhandagre998:issue-2701
Jun 24, 2026
Merged

Fix HIGH-severity containerd CVEs#2702
Aryan-sharma11 merged 1 commit into
kubearmor:mainfrom
sagarkhandagre998:issue-2701

Conversation

@sagarkhandagre998

Copy link
Copy Markdown
Contributor

Purpose of PR?:

Summary

Bumps github.com/containerd/containerd/v2 from v2.3.1 → v2.3.2 to resolve three HIGH-severity vulnerabilities flagged by Trivy.

CVEs fixed

CVE-2026-53488
CVE-2026-53489
CVE-2026-53492

Changes
Upgrade containerd/v2 in both the KubeArmor and KubeArmorOperator modules
go mod tidy pulls transitive bumps to golang.org/x/{crypto,sys,text,sync,term}
No source changes — patch-level bump, both modules build cleanly

Testing
go build ./... passes for both modules
No remaining v2.3.1 references; Trivy should now report 0 HIGH for containerd

Fixes #2701

Does this PR introduce a breaking change?

If the changes in this PR are manually verified, list down the scenarios covered::

Additional information for reviewer? :
Mention if this PR is part of any design or a continuation of previous PRs

Checklist:

  • Bug fix. Fixes #
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • PR Title follows the convention of <type>(<scope>): <subject>
  • Commit has unit tests
  • Commit has integration tests

@sagarkhandagre998

Copy link
Copy Markdown
Contributor Author

@Aryan-sharma11 Please take a look.

@Aryan-sharma11

Copy link
Copy Markdown
Member

Hi @sagarkhandagre998, thanks for the PR.
Have you tested it locally using a Trivy scan?

@Aryan-sharma11 Aryan-sharma11 self-requested a review June 24, 2026 06:09
@sagarkhandagre998

Copy link
Copy Markdown
Contributor Author

Hi @sagarkhandagre998, thanks for the PR. Have you tested it locally using a Trivy scan?

@Aryan-sharma11 Yes i did , Below is the output of before and after scan .

Before :-
Screenshot from 2026-06-24 12-02-36

After :-
Screenshot from 2026-06-24 12-03-06

- Upgrade github.com/containerd/containerd/v2 v2.3.1 -> v2.3.2
- Fixes CVE-2026-53488, CVE-2026-53489, CVE-2026-53492
- Apply in both KubeArmor and KubeArmorOperator modules
- Pull transitive bumps to golang.org/x/{crypto,sys,text,sync,term}

Signed-off-by: Sagar Khandagre <[email protected]>
@Aryan-sharma11 Aryan-sharma11 merged commit 1e50e1e into kubearmor:main Jun 24, 2026
20 of 21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

fix trivy scan vulnerabilities

3 participants