Firecracker
cpe:2.3:a:firecracker_project:firecracker:*:*:*:*:*:*:*
- < v1.13.1
- 1.14.0
A vulnerability exists in the Jailer component of Firecracker versions through 1.13.1 and 1.14.0 on Linux. This issue allows a local user with write access to the Jailer directories to overwrite arbitrary host files. The vulnerability arises from a symbolic link following flaw, where the Jailer, executed with root privileges, can be manipulated during the initialization process at startup.
Exploitation of this vulnerability could lead to unauthorized overwriting of files on the host system, potentially causing data loss or corruption.
Users should upgrade to Firecracker versions 1.13.2 or 1.14.1. If an upgrade is not possible, the Jailer folder can be protected using UNIX user permissions to restrict access to trusted users.
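A check for the permission-based mitigation described above, as an added example that is not part of the advisory or of the Firecracker project. The function name, the directory argument and the trusted account are assumptions supplied by the caller, since the advisory names no path or user.

```shell
#!/bin/sh
# Added example, not Firecracker code. Audits a Jailer directory tree for the
# conditions the permission-based mitigation is meant to rule out.
# Assumptions: the caller supplies the Jailer directory and the one trusted
# account name or numeric UID; the advisory names neither.
# Usage after sourcing: audit_jailer_tree <jailer-dir> <trusted-user>
audit_jailer_tree() {
    jail_dir=$1
    trusted_user=$2

    if [ ! -d "$jail_dir" ]; then
        echo "ERROR not a directory: $jail_dir" >&2
        return 2
    fi

    findings=$(
        # Symlinks anywhere in the tree: a root process that follows one
        # ends up writing to the link target instead of the jail.
        find "$jail_dir" -type l | sed 's/^/SYMLINK /'
        # Directories writable by group or other: accounts besides the
        # owner can create or replace entries there.
        find "$jail_dir" -type d \( -perm -0020 -o -perm -0002 \) | sed 's/^/WRITABLE /'
        # Entries owned by anyone except the trusted account.
        find "$jail_dir" ! -type l ! -user "$trusted_user" | sed 's/^/OWNER /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

The function returns 0 when the tree is clean, 1 with one line per finding otherwise, and 2 if the path is not a directory.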