AWS Latest Bulletins
Issue with containerd CRI Plugin - CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, CVE-2026-47262
AWS has issued a critical bulletin covering five vulnerabilities in the CRI plugin of containerd, a container runtime used by Kubernetes. The vulnerabilities affect containerd versions 1.7 through 2.3. The identified issues are local image tag poisoning, command execution via image configuration, CDI annotation smuggling, arbitrary host file reading, and a denial of service triggered by images. They impact a range of AWS managed container services, including Amazon EKS, Amazon ECS, AWS Fargate, Bottlerocket, and Amazon Linux. The bulletin urges users to pay close attention to these findings and to consult the linked article for the most current and comprehensive details. Immediate action may be required to mitigate potential risks.