FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

podman -- files outside build context may be included via malicious Git repo or tar archive

Affected packages
podman < 5.8.3

Details

VuXML ID fe2e8bdc-ff48-4166-b285-59822c7cf473
Discovery 2026-06-22
Entry 2026-06-22

The Podman developers report:

Building a Dockerfile using an ADD or COPY instruction accessing a malicious Git repository or tar archive could cause files outside the build context directory to be included in the build context or copied into the build.

[source]

References

CVE Name CVE-2026-44517
URL https://github.com/podman-container-tools/buildah/security/advisories/GHSA-49p4-px3h-rq49
URL https://github.com/podman-container-tools/podman/releases/tag/v5.8.3

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.