Asymmetric denial of service in podman-desktop

Description

A flaw was found in Podman Desktop. A remote attacker can exploit an unauthenticated HTTP server, which lacks proper connection limits and timeouts, to trigger denial-of-service (DoS) conditions. This can lead to application crashes or a complete host freeze. Additionally, verbose error responses from the server may disclose sensitive information, such as internal file paths and system details, including usernames on Windows systems.
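
The two weaknesses named above (no connection limits or timeouts, and verbose error bodies) have direct counterparts in Node.js HTTP server settings. The following is an added example, not Podman Desktop's code: it assumes a plain `node:http` server, and the function names and every limit value are illustrative assumptions.

```javascript
// Added example: not Podman Desktop code. Names and limit values are assumptions.
const http = require('node:http');
const { randomUUID } = require('node:crypto');

const LIMITS = {
  maxConnections: 64,      // cap on concurrent sockets; further connections are dropped
  headersTimeout: 10_000,  // ms allowed to receive the complete request headers
  requestTimeout: 30_000,  // ms allowed to receive the complete request
  keepAliveTimeout: 5_000, // ms an idle keep-alive socket is kept open
  socketTimeout: 60_000,   // ms of socket inactivity before the socket is closed
};

// Turn an internal error into a response with no paths, stack traces or usernames.
// Full detail goes to the local log, correlated with the response by a random id.
function publicError(err, log = console.error) {
  const id = randomUUID();
  log(`[${id}]`, err);
  const code = err && err.statusCode;
  const status = code >= 400 && code < 500 ? code : 500;
  return { status, body: JSON.stringify({ error: http.STATUS_CODES[status], id }) };
}

function createHardenedServer(handler, limits = LIMITS) {
  const server = http.createServer(async (req, res) => {
    try {
      await handler(req, res);
    } catch (err) {
      const { status, body } = publicError(err);
      if (!res.headersSent) res.writeHead(status, { 'content-type': 'application/json' });
      res.end(body);
    }
  });
  server.maxConnections = limits.maxConnections;
  server.headersTimeout = limits.headersTimeout;
  server.requestTimeout = limits.requestTimeout;
  server.keepAliveTimeout = limits.keepAliveTimeout;
  server.setTimeout(limits.socketTimeout); // sets server.timeout
  return server; // the caller chooses the bind address, e.g. server.listen(port, '127.0.0.1')
}
```

The server is returned without listening so the bind address stays an explicit decision of the caller.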

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions