logo

Database

Lack of data validation - Path Traversal In github.com/sylabs/singularity/v4

Description

Singluarity: Incorrect path matching for 'limit container paths' directive

Impact

The limit container paths directive in singularity.conf is intended to allow a system administrator limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed.

For example, the configuration:

limit container paths = /data/safe

Will also allow containers in /data/safe-but-unsafe to be run.

Patches

This issue is patched in SingularityCE 4.4.2 and SingularityPRO 4.3.9 / 4.1.14

Workarounds

If you do not use the limit container paths functionality, then this issue does not affect your installation.

If you do use the limit container paths functionality then you must update. Please also review the documented limitations when user namespaces are enabled [1].

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-472152. NVD-2026-472153. OSV-2026-472154. GHSA-wqcr-7rf3-f64m5. GCVE-2026-47215

References

1. https://github.com/sylabs/singularity/security/advisories/GHSA-wqcr-7rf3-f64m2. https://github.com/sylabs/singularity/commit/c08791793e843d4c9c1f2fc1d9d12abef747378f3. https://docs.sylabs.io/guides/latest/admin-guide/configfiles.html#limiting-container-execution4. https://github.com/sylabs/singularity/releases/tag/v4.4.2

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.