CVE-2026-24835
📋 TL;DR
A critical authentication bypass vulnerability in Podman Desktop allows any installed extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. This enables malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. All Podman Desktop users running versions prior to 1.25.1 are affected.
💻 Affected Systems
- Podman Desktop
📦 What is this software?
Podman Desktop by the Linux Foundation
⚠️ Risk & Real-World Impact
Worst Case
Malicious extension gains complete control over all container and Kubernetes operations, accesses sensitive data, impersonates users across integrated systems, and potentially pivots to other infrastructure.
Likely Case
Malicious extension steals authentication tokens, accesses container registries, manipulates running containers, and exfiltrates sensitive configuration data.
If Mitigated
Limited impact if no malicious extensions are installed and network segmentation restricts access to sensitive resources.
🎯 Exploit Status
Exploitation requires a malicious extension to be installed; once one is, the bypass is trivial because isAccessAllowed() unconditionally returns true, so the permission check never denies anything.
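As an added illustration of the flaw named above (example code written for this page, not Podman Desktop's source): a session access gate that always returns true, beside a deny-by-default version that only admits the owning extension or one the user explicitly granted. The session fields, the provider name and the extension identifiers are assumptions.

```typescript
// Illustrative model of the permission gate described for CVE-2026-24835.
// Example code for this page, not Podman Desktop's source; the session shape,
// provider name and extension ids below are constructed.

interface AuthSession {
  id: string;
  providerId: string;        // authentication provider the session belongs to
  ownerExtensionId: string;  // extension that created the session
  grantedTo: Set<string>;    // other extensions the user explicitly approved
}

type AccessGate = (extensionId: string, session: AuthSession) => boolean;

// Vulnerable pattern from the advisory: the check unconditionally returns true,
// so every installed extension can read every authentication session.
const isAccessAllowedVulnerable: AccessGate = (_extensionId, _session) => true;

// Hardened check: deny by default; allow only the owning extension or one the
// user explicitly granted access to this particular session.
const isAccessAllowed: AccessGate = (extensionId, session) => {
  if (!extensionId) return false;
  return session.ownerExtensionId === extensionId || session.grantedTo.has(extensionId);
};

// Returns the sessions for a provider that the requesting extension may see and
// records each denied lookup so the host can surface it in its logs.
function getSessions(
  sessions: AuthSession[], extensionId: string, providerId: string,
  gate: AccessGate, denied: string[] = [],
): AuthSession[] {
  return sessions.filter((s) => {
    if (s.providerId !== providerId) return false;
    const allowed = gate(extensionId, s);
    if (!allowed) denied.push(`extension=${extensionId} denied session=${s.id}`);
    return allowed;
  });
}

// Constructed sample state: two sessions for one provider, owned by different extensions.
function sampleSessions(): AuthSession[] {
  return [
    { id: 's1', providerId: 'example-provider', ownerExtensionId: 'ext.registry-login', grantedTo: new Set() },
    { id: 's2', providerId: 'example-provider', ownerExtensionId: 'ext.kube-login', grantedTo: new Set(['ext.registry-login']) },
  ];
}

// With the vulnerable gate an unrelated extension is handed both sessions; with the
// hardened gate it gets none, and the registry extension sees s1 plus the granted s2.
```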
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.25.1
Vendor Advisory: https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9m
Restart Required: Yes
Instructions:
1. Open Podman Desktop.
2. Go to Settings > Updates.
3. Check for updates and install version 1.25.1 or later.
4. Restart Podman Desktop after installation completes.
🔧 Temporary Workarounds
Disable all extensions
Remove or disable all extensions to prevent exploitation while awaiting the patch.
podman-desktop --disable-extensions
Restrict extension installation
Only install extensions from trusted sources and review their permissions carefully.
🧯 If You Can't Patch
- Immediately audit and remove any untrusted or unnecessary extensions from Podman Desktop.
- Implement network segmentation to isolate Podman Desktop instances from sensitive container registries and Kubernetes clusters.
🔍 How to Verify
Check if Vulnerable:
Check the Podman Desktop version under Settings > About. If the version is below 1.25.1, the installation is vulnerable.
Check Version:
podman-desktop --version
Verify Fix Applied:
After updating, verify that the version shown under Settings > About is 1.25.1 or higher, and confirm that extensions can no longer bypass authentication prompts.
📡 Detection & Monitoring
Log Indicators:
- Unexpected authentication bypass events in extension logs
- Extensions accessing resources without proper permission prompts
Network Indicators:
- Extensions making unauthorized API calls to container registries or Kubernetes APIs
SIEM Query:
source="podman-desktop" AND (event="authentication_bypass" OR event="unauthorized_access")