CVE-2026-1386
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-01-30
Assigner: AMZN
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amazon | firecracker | to 1.13.2 (exc) |
| amazon | firecracker | 1.14.0 |
| amazon | firecracker | 1.14.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-61 | The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1386 is a vulnerability in the Firecracker jailer component on Linux systems, where improper handling of UNIX symbolic links during the jailer startup allows a local user with write access to certain jailer directories to create malicious symlinks. When the jailer runs with root privileges, this flaw can be exploited to overwrite arbitrary files on the host system via a symlink attack during the initialization copy process. This vulnerability affects Firecracker versions up to v1.13.1 and v1.14.0 and is due to the jailer not properly verifying that files are not symlinks pointing outside the intended directory. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a local attacker with write access to pre-created jailer directories to overwrite arbitrary files on the host system if the jailer is run as root. This can compromise system integrity and availability by enabling unauthorized modification or disruption of host files. However, it does not affect confidentiality. The attack requires local access with high privileges but no user interaction. [1, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your system is running Firecracker versions v1.13.1 or earlier, or v1.14.0, which are vulnerable. Additionally, you can inspect the jailer directories for the presence of suspicious symbolic links that could be exploited. To check the Firecracker version, you can run commands like `firecracker --version` or check the installed package version. To inspect the jailer directories for symlinks, you can use commands such as `find /path/to/jailer/directories -type l -ls` to list symbolic links. Also, verify the permissions of the jailer directories using `ls -ld /path/to/jailer/directories` to ensure they are not writable by untrusted users. [1, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Firecracker to version v1.13.2, v1.14.1, or later, which contain patches that prevent symlink and hardlink attacks during the jailer binary copy process. If upgrading is not immediately possible, restrict access to the jailer directories by changing ownership and permissions to trusted users only. This can be done using commands such as `chown <trusted_user> <jailer_directory>` and `chmod 700 <jailer_directory>`. These steps help prevent local users from creating malicious symlinks that could be followed by the jailer running with root privileges. [1, 2, 3, 4]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information on how CVE-2026-1386 affects compliance with common standards and regulations such as GDPR or HIPAA.