GHSA-RH99-WC69-C255: CopyFile Policy Subversion via Symlinks in Edgeless Systems Contrast Vulnerability ID: GHSA-RH99-WC69-C255 CVSS Score: 8.4 Published: 2026-04-30 The Edgeless Systems Contrast CLI contains a high-severity vulnerability in its policy generation logic for the Kata Containers agent. It fails to properly restrict symbolic link resolution during CopyFile operations, allowing attackers to subvert container isolation policies and exfiltrate sensitive data from the Trusted Execution Environment (TEE). TL;DR Contrast CLI versions prior to v1.19.1 generate insecure policies for the Kata Containers agent. An attacker can use symbolic links to bypass CopyFile restrictions, accessing unauthorized files within the confidential virtual machine. Upgrading to v1.19.1 and regenerating policies remediates the issue.…