The container runtime environment is configured insecurely, allowing a process within a container to escape to the host system through privileged mode, a mounted container-runtime socket (such as the Docker socket), or kernel exploits.
An attacker who escapes a container could access the host system, compromise other containers, access sensitive data on the host, or gain control of the container orchestration platform.
Never run containers in privileged mode. Avoid mounting the Docker socket inside containers. Use read-only root file systems. Implement seccomp profiles and AppArmor/SELinux policies. Keep the container runtime and kernel updated. Use rootless containers.
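As an added example (not part of the original text), the following check audits a Kubernetes Pod spec, given as a parsed dict, for the escape-enabling settings listed above: a privileged container, a mounted container-runtime socket, a writable root filesystem, and a missing seccomp profile. The socket paths are assumed defaults, and both sample Pods are constructed.

```python
# Added example: audit a Pod spec for the container-escape misconfigurations
# described above. RUNTIME_SOCKETS lists the usual runtime socket paths (an
# assumption); WEAK_POD and HARDENED_POD are constructed sample manifests.

RUNTIME_SOCKETS = {
    "/var/run/docker.sock", "/run/docker.sock",
    "/run/containerd/containerd.sock", "/run/crio/crio.sock",
}


def audit_pod(pod):
    """Return a list of 'container: problem' strings; empty means clean."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    # hostPath volumes that expose a runtime socket to the container
    socket_volumes = {
        v.get("name") for v in spec.get("volumes", [])
        if v.get("hostPath", {}).get("path", "").rstrip("/") in RUNTIME_SOCKETS
    }
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name, sc = c.get("name", "<unnamed>"), c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged=true")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        # seccomp may be set per container or per pod; Unconfined disables it
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") in (None, "Unconfined"):
            findings.append(f"{name}: no seccomp profile")
        if any(m.get("name") in socket_volumes for m in c.get("volumeMounts", [])):
            findings.append(f"{name}: mounts container-runtime socket")
    return findings


# Constructed weak Pod: privileged, docker.sock mounted, writable root fs, no seccomp.
WEAK_POD = {"spec": {
    "volumes": [{"name": "dock", "hostPath": {"path": "/var/run/docker.sock"}}],
    "containers": [{"name": "app", "securityContext": {"privileged": True},
                    "volumeMounts": [{"name": "dock", "mountPath": "/var/run/docker.sock"}]}],
}}

# Same workload with the remediations applied: no socket, read-only root, seccomp on.
HARDENED_POD = {"spec": {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "app", "securityContext": {
        "privileged": False, "readOnlyRootFilesystem": True}}],
}}
```

Running `audit_pod(WEAK_POD)` reports all four problems for container `app`, while `audit_pod(HARDENED_POD)` returns an empty list.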