Improper authorization control for web services in podman-desktop

Description

A flaw was found in Podman Desktop. The isAccessAllowed() function unconditionally returns true, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This authentication bypass allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions.
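
The difference between an always-true check and a default-deny check, as an added TypeScript illustration. This is not Podman Desktop source code: every name other than isAccessAllowed (AuthRegistry, the enforce switch, the provider and extension IDs, the sample session) is hypothetical or constructed.

```typescript
// Illustrative model only, not Podman Desktop source code.
// Every name except isAccessAllowed is hypothetical.
type Session = { providerId: string; account: string; accessToken: string };

class AuthRegistry {
  private sessions: Session[] = [];
  private owners = new Map<string, string>();      // providerId -> owning extension
  private grants = new Map<string, Set<string>>(); // providerId -> approved extensions
  private enforce: boolean;

  constructor(enforce: boolean) { this.enforce = enforce; }

  registerProvider(providerId: string, ownerExtensionId: string): void {
    this.owners.set(providerId, ownerExtensionId);
  }

  addSession(session: Session): void {
    this.sessions.push(session);
  }

  // Called only after the user explicitly approves the request.
  grantAccess(providerId: string, extensionId: string): void {
    const approved = this.grants.get(providerId) ?? new Set<string>();
    approved.add(extensionId);
    this.grants.set(providerId, approved);
  }

  isAccessAllowed(providerId: string, extensionId: string): boolean {
    if (!this.enforce) return true; // the flaw described above: every caller is allowed
    if (this.owners.get(providerId) === extensionId) return true; // provider's own extension
    // Default deny: unknown providers and unapproved extensions get false.
    return this.grants.get(providerId)?.has(extensionId) ?? false;
  }

  getSessions(providerId: string, requestingExtensionId: string): Session[] {
    if (!this.isAccessAllowed(providerId, requestingExtensionId)) {
      throw new Error(`${requestingExtensionId} is not authorized for ${providerId}`);
    }
    return this.sessions.filter((s) => s.providerId === providerId);
  }
}

// Constructed sample data: one provider, one session.
function buildRegistry(enforce: boolean): AuthRegistry {
  const registry = new AuthRegistry(enforce);
  registry.registerProvider("example-sso", "vendor.sso-extension");
  registry.addSession({ providerId: "example-sso", account: "alice", accessToken: "constructed-token" });
  return registry;
}
```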

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.
