CVE-2026-1386
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-01-30

Assigner: AMZN

Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Meta Information
Generated: 2026-06-16
AI Q&A generated: 2026-01-23
EPSS evaluated: 2026-06-15
Affected Vendors & Products (CPE ranges)
Vendor   Product      Version / Range
amazon   firecracker  < 1.13.2 (every release before 1.13.2)
amazon   firecracker  1.14.0
CWE
CWE-61 (UNIX Symbolic Link (Symlink) Following): The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Executive Summary

CVE-2026-1386 is a symlink-following flaw (CWE-61) in the jailer component of Firecracker on Linux. At startup the jailer, which is normally run as root, copies files into the pre-created jail directories (the "initialization copy"). It did not check whether the destination path was already a symbolic link, so a local host user with write access to those directories can plant a link where the jailer is about to write and have root follow it, overwriting an arbitrary file on the host. Firecracker v1.13.1 and earlier and v1.14.0 are affected; v1.13.2 and v1.14.1 contain the fix. [1]
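The link-following pattern described above, reduced to its essentials as an added example. This is not Firecracker's code: a "copier" writes a binary into a pre-created directory that another local user can write to, once with the vulnerable open-and-write pattern and once with a hardened open that refuses to follow anything. The `jail/` layout, the `firecracker` file name and the victim file are assumptions constructed for the demo; it runs as an ordinary user in a temporary directory, and the behaviour is identical when the writer is root, which is what turns the bug into an arbitrary host file overwrite.

```python
"""Added demonstration of the CWE-61 pattern behind CVE-2026-1386 (not Firecracker code)."""
import os
import stat
import tempfile
from pathlib import Path

# Name the copied binary is given inside the jail (assumed for the demo).
JAILED_BIN = "firecracker"
HOST_ORIGINAL = b"original host content\n"


def unsafe_copy(src: Path, dst: Path) -> None:
    """The vulnerable pattern: open the destination for writing and dump bytes.

    open(..., "wb") follows a symbolic link sitting at dst, so an attacker who
    planted one redirects both the truncation and the write to the link target.
    """
    data = src.read_bytes()
    with open(dst, "wb") as f:
        f.write(data)


def hardened_copy(src: Path, dst: Path, mode: int = 0o755) -> None:
    """Create the destination atomically and refuse to follow anything.

    O_CREAT|O_EXCL makes open() fail if *any* entry already exists at dst,
    including a symlink (Linux does not follow it in that case) or a hardlink
    an attacker pre-placed. O_NOFOLLOW is belt-and-braces, and the fstat check
    confirms the descriptor really is a brand-new regular file with one link.
    """
    data = src.read_bytes()
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(dst, flags, mode)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise RuntimeError("destination is not a fresh regular file")
    except Exception:
        os.close(fd)
        raise
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def simulate(copy_fn) -> dict:
    """Run one copy implementation against an attacker-planted symlink.

    Constructed layout: <tmp>/host_victim.conf stands in for an arbitrary host
    file, <tmp>/jail is the pre-created jailer directory the attacker can write
    to, and jail/firecracker has already been planted as a symlink to the victim
    before the copier starts.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        host_file = root / "host_victim.conf"
        host_file.write_bytes(HOST_ORIGINAL)
        src_bin = root / "firecracker_src"
        src_bin.write_bytes(b"\x7fELF pretend binary")
        jail = root / "jail"
        jail.mkdir()
        planted = jail / JAILED_BIN
        planted.symlink_to(host_file)  # the attacker's only move

        error = None
        try:
            copy_fn(src_bin, planted)
        except OSError as exc:
            error = type(exc).__name__
        return {
            "host_file_clobbered": host_file.read_bytes() != HOST_ORIGINAL,
            "error": error,
        }


def hardened_copy_on_clean_path() -> bool:
    """Sanity check: with no pre-existing entry the hardened copy still works."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        src.write_bytes(b"payload")
        dst = Path(tmp) / "dst"
        hardened_copy(src, dst)
        return dst.read_bytes() == b"payload" and not dst.is_symlink()


if __name__ == "__main__":
    print("unsafe  :", simulate(unsafe_copy))
    print("hardened:", simulate(hardened_copy))
    print("clean   :", hardened_copy_on_clean_path())
```

The unsafe variant silently replaces the victim's contents and reports no error; the hardened variant fails with `FileExistsError` before a single byte is written. Unlinking the destination first and then opening it is not an equivalent fix: the attacker can re-plant the link between the two calls, which is exactly why the check has to live in the `open()` flags rather than in a separate existence test.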

Impact Analysis

A local attacker with write access to the pre-created jailer directories can overwrite arbitrary host files whenever the jailer is started as root. That compromises the integrity of the host (any file can be modified) and its availability (a critical file can be truncated or replaced). The rating assigns no confidentiality impact; bear in mind, though, that an arbitrary file overwrite performed as root is in practice usually a stepping stone to full host compromise, so plan remediation as you would for a privilege-escalation bug. The attack is local, needs an account that already has write access to the jail directories (rated as high privileges), and needs no user interaction. [1, 4]

Detection Guidance

Start by confirming the installed release: Firecracker v1.13.1 and earlier and v1.14.0 are vulnerable. `firecracker --version` prints the version, and on packaged installs the package manager reports it as well; check every host that launches microVMs, not only the build machine. Next, inspect the jailer chroot base (by default `/srv/jailer`, overridable with the jailer's `--chroot-base-dir` flag; the jail for one microVM lives under `<base>/<exec_file_name>/<id>/root`) for links an attacker may have pre-planted: `find /srv/jailer -type l -ls` lists every symbolic link in the tree, and a link at the path where the jailer copies its binary is the indicator to look for. Finally, verify that no untrusted account can write to those directories: `ls -ld /srv/jailer /srv/jailer/*/*` shows owner and mode, and any directory writable by group or others is the precondition this CVE needs. [1, 4]

Mitigation Strategies

Upgrade to Firecracker v1.13.2, v1.14.1 or later; the fixed releases prevent symlink and hardlink attacks during the jailer binary copy. Until the upgrade is deployed, remove the precondition instead: make the jailer chroot base and every pre-created jail directory owned by, and writable only by, the trusted account that runs the jailer, for example `chown <trusted_user>:<trusted_group> <jailer_directory>` followed by `chmod 700 <jailer_directory>`, and confirm that no untrusted local account can create entries there. Tightening permissions does not remove a link that has already been planted, so also delete any symbolic link found in those directories before the jailer is started again. [1, 2, 3, 4]
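The detection and mitigation steps above, combined into one small audit helper as an added example (not part of Firecracker or of the advisory). It classifies a version string against the affected range, walks a jailer chroot base without following links to report pre-planted symlinks and group/other-writable directories, and tightens a flagged directory to mode 0700 (with an optional `chown`, which needs root). The default base `/srv/jailer` and the `<base>/<exec_file_name>/<id>/root` layout are the documented jailer defaults; the sample tree and version string the demo uses are constructed here.

```python
"""Added audit helper for CVE-2026-1386 exposure on a Firecracker host (not Firecracker code)."""
import os
import re
import stat
import tempfile
from pathlib import Path

# Documented default of the jailer's --chroot-base-dir flag.
DEFAULT_CHROOT_BASE = Path("/srv/jailer")
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Extract the first X.Y.Z token, e.g. from `firecracker --version` output."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: tuple) -> bool:
    """Affected per the advisory: v1.13.1 and earlier, and exactly v1.14.0."""
    return version < (1, 13, 2) or version == (1, 14, 0)


def audit_jail_tree(base: Path) -> dict:
    """Report symlinks and group/other-writable directories under base.

    lstat() and followlinks=False are deliberate: the point is to see the links
    themselves, not what they resolve to, and a planted link to a directory must
    not be able to drag the walk out of the tree.
    """
    writable = stat.S_IWGRP | stat.S_IWOTH
    findings = {"symlinks": [], "writable_dirs": []}
    entries = [base]
    for dirpath, dirnames, filenames in os.walk(base, followlinks=False):
        entries.extend(Path(dirpath) / n for n in sorted(dirnames + filenames))
    for p in entries:
        st = os.lstat(p)
        rel = p.relative_to(base).as_posix()
        if stat.S_ISLNK(st.st_mode):
            findings["symlinks"].append(rel)
        elif stat.S_ISDIR(st.st_mode) and st.st_mode & writable:
            findings["writable_dirs"].append(rel)
    return findings


def harden_dir(path: Path, uid: int = None, gid: int = None) -> int:
    """Owner-only access for one jail directory; chown only when ids are given
    (that step needs root). Returns the resulting permission bits."""
    if uid is not None or gid is not None:
        os.chown(path, -1 if uid is None else uid, -1 if gid is None else gid)
    os.chmod(path, 0o700)
    return stat.S_IMODE(os.lstat(path).st_mode)


def build_sample_tree(root: Path) -> Path:
    """Constructed sample: one jail whose <id> directory was left world-writable
    and in which an attacker pre-planted a symlink at the binary's destination."""
    base = root / "srv_jailer"
    jail_root = base / "firecracker" / "vm-01" / "root"
    jail_root.mkdir(parents=True)
    for d in (base, base / "firecracker", jail_root):
        os.chmod(d, 0o755)                 # sane modes regardless of the caller's umask
    os.chmod(jail_root.parent, 0o777)      # the misconfiguration this CVE needs
    (jail_root / "firecracker").symlink_to(root / "host_victim")
    return base


def run_demo() -> dict:
    """Audit the sample, harden what the audit flagged, audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        base = build_sample_tree(Path(tmp))
        before = audit_jail_tree(base)
        for rel in before["writable_dirs"]:
            harden_dir(base / rel)
        after = audit_jail_tree(base)
        return {"before": before, "after": after}


if __name__ == "__main__":
    v = parse_version("Firecracker v1.13.1")   # constructed sample output
    print(v, "vulnerable" if is_vulnerable(v) else "fixed")
    print(run_demo())
```

Run against a real host with `audit_jail_tree(DEFAULT_CHROOT_BASE)` (or the base passed to `--chroot-base-dir`). Note what the second audit in `run_demo` shows: `chmod 700` closes the door for future attempts but leaves the already planted symlink in place, which is why the symlink list has to be acted on separately before the jailer is started again.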

Compliance Impact

The provided resources do not contain information on how CVE-2026-1386 affects compliance with common standards and regulations such as GDPR or HIPAA.
