Three serious vulnerabilities in the runC container runtime could allow attackers to bypass isolation and gain root access to the host system. The flaws affect multiple versions of runC, with potential exploits requiring the ability to configure custom mounts. While no active exploitation has been reported, developers recommend using mitigations like user namespaces and rootless containers.