The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate (CVE-2026-39835)
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters (CVE-2026-39829)
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses (CVE-2026-39830)
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions (CVE-2026-39832)
golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey (CVE-2026-42508)
golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass (CVE-2026-27136)
golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting (CVE-2026-25681)
podman: Podman: Information disclosure via malicious container image environment variables (CVE-2026-57231)
Bug Fix(es) and Enhancement(s):
podman does not clean up all files and leaves orphaned files consuming disk space [rhel-10.2.z] (JIRA:Rocky Linux-173842)
[FJ10.2 Bug]: [REG]The "podman-remote save" command fails for rootless users. [rhel-10.2.z] (JIRA:Rocky Linux-192440)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.