CVE-2026-58053: Gitea act_runner Container Escape via Workflow Container Options — Docker Backend Bypass (CVSS 9.9)

CVE: CVE-2026-58053 | CVSS 3.1: 9.9 (CRITICAL) | CWE: CWE-269 Improper Privilege Management | Vendor: Gitea | Product: act_runner (CI/CD runner) with Docker backend through act 0.262.0


What Is the Vulnerability

Gitea act_runner is the CI/CD pipeline execution engine for Gitea — a popular self-hosted Git platform. The Docker backend for act_runner passes a workflow’s container.options string directly to the Docker job container’s HostConfig without sanitization. When the runner is configured with privileged: false, only the Privileged flag is explicitly forced off — all other container options from the workflow definition are merged into the HostConfig unchanged.

An attacker who can submit or modify a CI/CD workflow can inject arbitrary Docker HostConfig options through the container.options field. The attack surface includes:

  • --pid=host — access the host process namespace, see all host processes
  • --cap-add=SYS_ADMIN — near-root Linux capabilities enabling container escape
  • --cap-add=SYS_PTRACE — process tracing and code injection
  • --security-opt flags — disable seccomp, AppArmor, and SELinux protections
  • --device=/dev/… — mount host devices into the container
  • --volume=/:/host — mount the host root filesystem

The runner’s privileged: false setting is completely bypassed because only that single flag is explicitly forced off — every other dangerous option passes through the merge. The result is container escape to the underlying CI/CD host, where the attacker gains access to build secrets, deployment keys, source code, and the entire CI/CD infrastructure.

This is particularly dangerous for public Gitea instances where anyone can submit a pull request with a malicious workflow. Even on private instances, any user with workflow write access (which is the standard permission for contributors) can exploit this.


Versions Affected

  • Gitea act_runner with Docker backend — through act 0.262.0
  • Configurations with the runner set to privileged: false are affected as well; that setting does not prevent the bypass
  • Both self-hosted Gitea instances and Gitea.com cloud runners (if using act_runner with Docker backend)

Exploited?

Proof-of-concept exploit published. No confirmed active exploitation in the wild yet, but the PoC is publicly available at the Exploitarium repository. Given that CI/CD runners are high-value targets and the exploit requires only workflow write access (the standard permission for contributors), active exploitation is likely imminent. Public repositories are at highest risk — anyone can submit a pull request.


Fix

Upgrade act_runner to the patched version. The fix ensures that container.options are sanitized and dangerous HostConfig flags are stripped before being passed to the Docker backend, regardless of the privileged setting.

  • Primary fix: Upgrade Gitea act_runner to the latest patched version
  • Workaround (immediate): Restrict workflow execution to trusted contributors only. For public repositories, implement workflow approval gates that require manual review before CI/CD execution.
  • Alternative backend: Consider using the Kubernetes backend instead of Docker if available, though verify it is not similarly affected.

Recommendations

  • Patch act_runner immediately — CVSS 9.9 with public PoC demands urgent action.
  • Rotate all CI/CD secrets — if any runner has been compromised, all secrets accessible to it (deployment keys, API tokens, registry credentials, signing keys) should be considered exposed and rotated.
  • Audit runner hosts — check CI/CD runner hosts for unexpected processes, containers, or file modifications that could indicate prior compromise.
  • Review workflow definitions — audit existing workflow files for suspicious container.options configurations, particularly flags like --pid, --cap-add, --security-opt, --device, and --volume.
  • Implement workflow approval gates — for public repositories or repositories with external contributors, require manual approval before workflows execute.
  • Network segment CI/CD runners — runners should not have network access to production environments beyond what is strictly required.
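As an added audit helper for the "Review workflow definitions" step above (example code for this write-up, not act_runner's), the script below parses a workflow's container.options string the way docker run would and reports the options listed in the vulnerability description; the function names and the sample option strings are constructed for illustration.

```python
"""Audit a workflow's container.options string for Docker HostConfig flags that
act_runner's Docker backend forwards with only Privileged forced off.
Added audit helper for this write-up, not act_runner code."""
import shlex

ALIASES = {"-v": "--volume"}  # docker-run short forms, normalised
BOOLEAN = {"--privileged", "--rm", "--init", "--read-only"}  # take no value
FLAGGED = {  # options the write-up names as the escape surface, plus --privileged
    "--privileged": "full host privileges",
    "--pid": "joins the host (or another container's) PID namespace",
    "--cap-add": "adds Linux capabilities such as SYS_ADMIN or SYS_PTRACE",
    "--security-opt": "alters seccomp, AppArmor or SELinux confinement",
    "--device": "exposes a host device node",
    "--volume": "bind-mounts a host path into the job container",
}

def parse_options(options: str) -> list[tuple[str, str]]:
    """Split a docker-run style string into (flag, value) pairs; accepts
    '--flag=value', '--flag value' and bare boolean flags."""
    tokens = shlex.split(options)
    pairs, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if not tok.startswith("-"):  # stray positional token, not an option
            i += 1
            continue
        flag, has_eq, value = tok.partition("=")
        flag = ALIASES.get(flag, flag)
        takes_value = not has_eq and flag not in BOOLEAN
        if takes_value and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            value = tokens[i + 1]  # space-separated form: consume the value token
            i += 1
        pairs.append((flag, value))
        i += 1
    return pairs

def audit_options(options: str) -> list[str]:
    """Return one finding per flagged option, in order of appearance."""
    findings = []
    for flag, value in parse_options(options):
        if flag in FLAGGED:
            shown = f"{flag}={value}" if value else flag
            findings.append(f"{shown}: {FLAGGED[flag]}")
    return findings

# constructed sample strings, not taken from any real repository
SAMPLE_OPTIONS = {
    "benign": "--rm --memory 2g --cpus=1.5",
    "escape": "--pid=host --cap-add SYS_ADMIN --security-opt seccomp=unconfined -v /:/host",
}
```

Run it over the options strings pulled from each workflow file; an empty result means none of the listed flags is present, while any finding is a candidate for manual review.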

References

Part of the Vulnerability Intelligence series on threat-modeling.com. CVSS 9.9 critical — public PoC available. CI/CD runner compromise exposes secrets, source code, and deployment pipelines. See the June 28, 2026 Vulnerability Intelligence Report for broader context.
