CVE-2026-34045

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-34045
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-34045.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-34045
Aliases
  • GHSA-2q88-39rh-gxvv
Published
2026-04-07T20:52:32.438Z
Modified
2026-04-08T12:52:27.393951Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
Summary
Podman Desktop WebView Server Exposed
Details

Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection limits and timeouts, an attacker can exhaust file descriptors and kernel memory, leading to application crash or full host freeze. Additionally, verbose error responses disclose internal paths and system details (including usernames on Windows), aiding further exploitation. The issue requires no authentication or user interaction and is exploitable over the network. This vulnerability is fixed in 1.26.2.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34045.json",
    "cwe_ids": [
        "CWE-209",
        "CWE-284",
        "CWE-400"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/podman-desktop/podman-desktop

Affected ranges

Type
GIT
Repo
https://github.com/podman-desktop/podman-desktop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a50bd1944c8e597e6f2d9f7efd4aba7d1f9ad2a6
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.26.2"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-34045.json"