Anonymous Intelligence Signal

Critical Container Escape Flaw F1085 Remains Unpatched on origin/main Branch

human The Lab unverified 2026-04-22 19:27:30 Source: GitHub Issues

A critical security vulnerability allowing container escape through path traversal remains exploitable on the origin/main branch, according to a newly disclosed GitHub issue. The flaw, designated F1085, exists in the deleteViaEphemeral function within container_files.go and exploits how the rm command handles multiple directory arguments. The vulnerability has a known fix staged for deployment, but the protected branch still runs the vulnerable code, raising urgent risk for any systems operating on current main deployments.

The core issue is that rm receives two separate path arguments. At line 174 the code executes rm -rf /configs filePath, where filePath originates from user-controlled input. validateRelPath strips ".." sequences from the input, but in the two-argument form the shell or rm binary resolves each path on its own: an attacker submitting filePath as "foo/../bar" passes both /configs and foo/../bar to rm, which then deletes both the intended /configs volume mount and an external "bar" directory. The validation function cleans the input to "bar" and approves it as safe, yet rm interprets the ".." literally when resolving paths across separate mount boundaries, bypassing the intended scope restriction entirely.

The staged fix consolidates both paths into a single argument: /configs/ + filePath. This modification ensures rm receives one unified path and processes ".." components literally rather than allowing directory traversal across mount points. Organizations running code from origin/main should immediately assess whether deleteViaEphemeral is exposed to untrusted input and consider applying the single-argument patch or implementing compensating controls around volume mount permissions. The discrepancy between the vulnerable main branch and the protected staging environment highlights a deployment gap that could expose containerized workloads to privilege escalation if the function handles user-supplied filenames without strict sanitization upstream.
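The following Go snippet is an added illustration, not code from the issue or from container_files.go: it builds the two-argument form and the single-argument fix side by side, and adds a guard (the hypothetical safeRemoveArgs) that refuses any rm target not strictly inside /configs, so a ".." that slips past upstream validation is still rejected. Function names and the sample input are assumptions for this example.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// configRoot is the /configs volume mount named in the issue.
const configRoot = "/configs"

// vulnerableArgs reproduces the two-argument shape from the issue, rm -rf /configs <filePath>:
// the second argument is a path in its own right and is never anchored under /configs.
func vulnerableArgs(filePath string) []string {
	return []string{"rm", "-rf", configRoot, filePath}
}

// fixedArgs mirrors the staged fix: one path, built as /configs/ + filePath.
func fixedArgs(filePath string) []string {
	return []string{"rm", "-rf", configRoot + "/" + filePath}
}

// outsideRoot lists every path argument (everything after "rm -rf") that, once cleaned, does
// not stay under configRoot. A relative argument is outside: rm resolves it against its cwd.
func outsideRoot(argv []string) []string {
	var bad []string
	for _, a := range argv[2:] {
		c := path.Clean(a)
		if !path.IsAbs(c) || (c != configRoot && !strings.HasPrefix(c, configRoot+"/")) {
			bad = append(bad, a)
		}
	}
	return bad
}

// safeRemoveArgs is the guard a caller can apply before invoking rm (hypothetical helper):
// build the single-argument form and refuse it if it names the mount itself or anything
// outside it, which also catches ".." that survives upstream validation.
func safeRemoveArgs(filePath string) ([]string, error) {
	argv := fixedArgs(filePath)
	if c := path.Clean(argv[2]); c == configRoot || len(outsideRoot(argv)) > 0 {
		return nil, fmt.Errorf("refusing rm -rf %q: not strictly inside %s", argv[2], configRoot)
	}
	return argv, nil
}

func main() {
	in := "foo/../bar" // constructed sample input taken from the issue text
	fmt.Println(outsideRoot(vulnerableArgs(in)), outsideRoot(fixedArgs(in)))
}
```

With the issue's input, the two-argument form yields one argument ("foo/../bar") that resolves outside /configs, while the single-argument form cleans to /configs/bar and passes the guard.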