StackPatch is liveSee product

Back to CVE digest
CVE-2026-53488 · cross-distro fix matrix

CVE-2026-53488: It was discovered that containerd incorrectly handled HTTP/2 SETTINGS

Affects 8 Linux releases across 26 (distro × package) combinations. First disclosed: 2026-06-25.

Fix per ecosystem

Each block below is a distro release where CVE-2026-53488 has a known fix. Run the listed command on that distro to remediate.

Ubuntu bionic

Source: Ubuntu USN

  • containerd→ fixed in1.6.12-0ubuntu1~18.04.1+esm4USN-8471-1
    sudo apt-get install --only-upgrade -y containerd
  • golang-github-containerd-containerd-dev→ fixed in1.6.12-0ubuntu1~18.04.1+esm4USN-8471-1
    sudo apt-get install --only-upgrade -y golang-github-containerd-containerd-dev

Ubuntu focal

Source: Ubuntu USN

  • containerd→ fixed in1.6.12-0ubuntu1~20.04.8+esm2USN-8471-1
    sudo apt-get install --only-upgrade -y containerd
  • golang-github-containerd-containerd-dev→ fixed in1.6.12-0ubuntu1~20.04.8+esm2USN-8471-1
    sudo apt-get install --only-upgrade -y golang-github-containerd-containerd-dev
  • containerd-app→ fixed in1.7.24-0ubuntu1~20.04.2+esm2USN-8472-1
    sudo apt-get install --only-upgrade -y containerd-app
  • containerd→ fixed in1.7.24-0ubuntu1~20.04.2+esm2USN-8472-1
    sudo apt-get install --only-upgrade -y containerd

Ubuntu jammy

Source: Ubuntu USN

  • containerd→ fixed in1.6.12-0ubuntu1~22.04.11USN-8471-1
    sudo apt-get install --only-upgrade -y containerd
  • golang-github-containerd-containerd-dev→ fixed in1.6.12-0ubuntu1~22.04.11USN-8471-1
    sudo apt-get install --only-upgrade -y golang-github-containerd-containerd-dev
  • containerd-app→ fixed in2.2.1-0ubuntu1~22.04.2USN-8472-1
    sudo apt-get install --only-upgrade -y containerd-app
  • containerd→ fixed in2.2.1-0ubuntu1~22.04.2USN-8472-1
    sudo apt-get install --only-upgrade -y containerd

Ubuntu noble

Source: Ubuntu USN

  • containerd→ fixed in1.6.24~ds1-1ubuntu1.3+esm3USN-8471-1
    sudo apt-get install --only-upgrade -y containerd
  • golang-github-containerd-containerd-dev→ fixed in1.6.24~ds1-1ubuntu1.3+esm3USN-8471-1
    sudo apt-get install --only-upgrade -y golang-github-containerd-containerd-dev
  • containerd-app→ fixed in2.2.1-0ubuntu1~24.04.3USN-8472-1
    sudo apt-get install --only-upgrade -y containerd-app
  • containerd→ fixed in2.2.1-0ubuntu1~24.04.3USN-8472-1
    sudo apt-get install --only-upgrade -y containerd

Ubuntu resolute

Source: Ubuntu USN

  • containerd→ fixed in1.7.24~ds1-10ubuntu1+esm1USN-8471-1
    sudo apt-get install --only-upgrade -y containerd
  • golang-github-containerd-containerd-api-dev→ fixed in1.7.24~ds1-10ubuntu1+esm1USN-8471-1
    sudo apt-get install --only-upgrade -y golang-github-containerd-containerd-api-dev
  • golang-github-containerd-containerd-dev→ fixed in1.7.24~ds1-10ubuntu1+esm1USN-8471-1
    sudo apt-get install --only-upgrade -y golang-github-containerd-containerd-dev
  • containerd-app→ fixed in2.2.2-0ubuntu1.1USN-8472-1
    sudo apt-get install --only-upgrade -y containerd-app
  • containerd→ fixed in2.2.2-0ubuntu1.1USN-8472-1
    sudo apt-get install --only-upgrade -y containerd
  • containerd-stable→ fixed in2.2.2-0ubuntu1.1USN-8473-1
    sudo apt-get install --only-upgrade -y containerd-stable

Ubuntu xenial

Source: Ubuntu USN

  • containerd→ fixed in1.2.6-0ubuntu1~16.04.6+esm7USN-8471-1
    sudo apt-get install --only-upgrade -y containerd
  • golang-github-docker-containerd-dev→ fixed in1.2.6-0ubuntu1~16.04.6+esm7USN-8471-1
    sudo apt-get install --only-upgrade -y golang-github-docker-containerd-dev

Ubuntu questing

Source: Ubuntu USN

  • containerd-app→ fixed in2.2.1-0ubuntu1~25.10.2USN-8472-1
    sudo apt-get install --only-upgrade -y containerd-app
  • containerd→ fixed in2.2.1-0ubuntu1~25.10.2USN-8472-1
    sudo apt-get install --only-upgrade -y containerd
  • containerd-stable→ fixed in2.1.6-0ubuntu1~25.10.2USN-8473-1
    sudo apt-get install --only-upgrade -y containerd-stable

Alpine edge

Source: Alpine secdb

  • containerd→ fixed in2.3.2-r0
    apk update && apk add --upgrade containerd
Are YOU affected by CVE-2026-53488?

5-second check on your actual server. Reads /etc/os-release, uname -r, and the distro's package manager; matches against this same cross-source index live.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan View on NVD
Continuous monitoring beats manual checking

CVE-2026-53488dropped silently in your distro's update channel. Every new CVE is the same story. StackPatch runs the matcher hourly against all 5 sources and emails the exact remediation when something new applies to one of your servers. From $9/mo, 14-day free trial, cancel anytime.

See StackPatch (from $9/mo)