


Perceptive Security
SOC/SIEM Consultancy

Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows…
Published:
6 April 2026 at 22:00:00
Alert date:
7 April 2026 at 22:01:32
Source:
nvd.nist.gov
Cloud & Virtualization, Security Tools
Podman Desktop versions prior to 1.26.2 contain a critical vulnerability in an unauthenticated HTTP server that allows remote network attackers to trigger denial-of-service conditions and extract sensitive information. Because the server lacks connection limits and timeouts, an attacker can exhaust file descriptors and kernel memory, potentially causing application crashes or a full host freeze. Additionally, verbose error responses disclose internal paths and system details, including usernames on Windows systems. Exploitation requires no authentication or user interaction and is possible remotely over the network. The issue is fixed in version 1.26.2.
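The two weaknesses described above (no connection limits or timeouts, and verbose error responses) map to a small set of listener settings. The following is an added example, not Podman Desktop's code or its actual fix; it assumes a Node.js `http` server, and the function names and limit values are hypothetical.

```javascript
// Added example: hardening a Node.js HTTP listener against the two weakness
// classes in the advisory. All names and limit values are assumptions.
const http = require('node:http');

const LIMITS = {
  maxConnections: 64,       // cap on concurrent sockets (file descriptors)
  headersTimeoutMs: 10000,  // max time to receive the full request headers
  requestTimeoutMs: 30000,  // max time to receive the whole request
  keepAliveTimeoutMs: 5000, // idle time allowed between keep-alive requests
  socketIdleMs: 15000,      // inactivity timeout per socket
};

// Build the client-facing error: a fixed message plus an opaque request id.
// The real error (which may hold file paths or usernames) goes to the log only.
function toClientError(err, requestId, log = console.error) {
  log(`[${requestId}]`, err);
  const body = JSON.stringify({ error: 'Internal Server Error', requestId });
  return { status: 500, body };
}

function createHardenedServer(handler, limits = LIMITS) {
  let counter = 0;
  const server = http.createServer(async (req, res) => {
    const requestId = `req-${++counter}`;
    try {
      await handler(req, res);
    } catch (err) {
      const { status, body } = toClientError(err, requestId);
      if (!res.headersSent) {
        res.writeHead(status, { 'Content-Type': 'application/json' });
      }
      res.end(body);
    }
  });
  server.maxConnections = limits.maxConnections; // connections over the cap are dropped
  server.headersTimeout = limits.headersTimeoutMs;
  server.requestTimeout = limits.requestTimeoutMs;
  server.keepAliveTimeout = limits.keepAliveTimeoutMs;
  // With a 'timeout' listener installed, idle sockets must be destroyed explicitly.
  server.setTimeout(limits.socketIdleMs, (socket) => socket.destroy());
  return server;
}

// Usage (not executed here): createHardenedServer(myHandler).listen(0, '127.0.0.1');
```

Binding to the loopback address, as in the usage comment, is a separate assumption about deployment and is not stated in the advisory summary.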
Technical details
Mitigation steps:
Affected products:
Podman Desktop
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-34045
https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-2q88-39rh-gxvv
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
