Clankerusecase
MITRE ATT&CK detection coverage

T1611 Escape to Host

T1611 — Escape to Host is a MITRE ATT&CK technique in the Privilege Escalation tactic. Clankerusecase tracks 34 detection use cases covering it and 14 threat-intel articles citing it.

Privilege Escalation
34 Use cases · 14 Articles · 0 Sub-techniques · 1 Tactic

Use cases covering this technique (34)

Container escape attempt detected | Internal install · alerting | DD
Falco runtime-security alert | Internal actions · alerting | DD
Kubernetes pod created with privileged flag | Internal install · alerting | DD
[WEEKLY] Edge-service post-exploitation chain: internet-facing daemon → child shell or token redemption within 10 min of external request | Internal actions · alerting | DSPDD
[WEEKLY] Language-runtime server (node/python/java) spawns OS shell shortly after inbound request — eval / sandbox-escape exploitation chain | Internal exploit · alerting | DSPDD
[WEEKLY] Linux LPE chain — anomalous algif_aead/esp4/esp6/rxrpc kernel-module load followed by same-user root transition | Internal exploit · alerting | DSPDD
[WEEKLY] Public-Facing App Runtime Spawns Shell, LOLBin, or Container-Control Tool | Internal exploit · alerting | DSΣPDD
Cisco IOS XE Guestshell Activation and Destroy | ESCU actions · hunting | P
Cisco Isovalent - Potential Escape to Host | ESCU actions · hunting | P
Linux Docker Root Directory Mount | ESCU actions · alerting | P
[LLM] Hyper-V worker process (vmwp.exe / vmms.exe) spawning unexpected child (guest-to-host escape) | Bespoke exploit · alerting | DSΣPDDCS
[LLM] Unprivileged user namespace + nf_tables manipulation chain (CVE-2026-23111 exploitation) | Bespoke exploit · alerting | DSPDDCS
[LLM] Jupyter Enterprise Gateway /api/kernels POST with KERNEL_* YAML-injection payload | Bespoke exploit · hunting | DSPDD
[LLM] Privileged or root pod created by Jupyter Enterprise Gateway ServiceAccount | Bespoke install · alerting | SΣPDDCW
[LLM] Enterprise Gateway service account creates privileged / hostPath / RBAC-escalating pod (CVE-2026-44181 post-exploit) | Bespoke actions · alerting | SΣPDDCW
[LLM] Enterprise Gateway service account creates Jupyter kernel pod as root (CVE-2026-44180 outcome) | Bespoke exploit · alerting | SPDDCW
[LLM] Jupyter kernel pod created with hostPath volume by enterprise-gateway SA | Bespoke actions · alerting | SPDDCW
[LLM] Cron/persistence file written on Kubernetes worker node from container runtime context | Bespoke install · alerting | DSΣPDDCS
[LLM] Privileged container launch — docker run --privileged from non-CI parent | Bespoke exploit · alerting | DSΣPDDCS
[LLM] Container escape via cgroups release_agent write (CVE-2022-0492) | Bespoke exploit · alerting | DSΣPDDCS
[LLM] runC binary modified outside package manager (CVE-2019-5736 / CVE-2024-21626) | Bespoke install · alerting | DSΣPDDCS
[LLM] Node.js process spawns shell or LOLBin — vm2 sandbox escape post-exploitation (CVE-2026-47210) | Bespoke exploit · alerting | DSΣPDDCS
[LLM] Node.js process spawning OS shell with enumeration commands — vm2 sandbox escape (CVE-2026-47137) | Bespoke exploit · hunting | DSΣPDDCS
[LLM] OCI image extraction creates symlink with absolute path target (CWE-61 primitive) | Bespoke exploit · alerting | DSΣPDDCS
[LLM] Boxlite sandbox writes to SSH authorized_keys (post-exploit RCE pivot) | Bespoke install · alerting | DSΣPDDCS
[LLM] Portainer Swarm service spec with elevated Linux capabilities or unconfined Seccomp | Bespoke exploit · alerting | DSΣPDDCS
[LLM] Container escape via chroot/nsenter against mounted host filesystem | Bespoke actions · alerting | DSΣPDDCS
[LLM] Container start with docker.sock or sensitive host-path bind mount | Bespoke exploit · alerting | DSΣPDDCS
[LLM] Docker local-driver volume created with type=none and o=bind (CVE-2026-44849 volume variant) | Bespoke exploit · alerting | DSΣPDDCS
[LLM] Docker plugin runtime spawned from /var/lib/docker/plugins/ on host (CVE-2026-44848) | Bespoke install · alerting | DSΣPDDCS
[LLM] Kubernetes privileged-pod DaemonSet fan-out from compromised LiteLLM workload | Bespoke actions · hunting | SPDD
[LLM] Malicious privileged DaemonSet apply in kube-system (host-provisioner-iran / host-provisioner-std / kamikaze) | Bespoke install · alerting | DSΣPDDCS
[LLM] Host-root mount wiper: chroot /mnt/host reboot -f or rm -rf / --no-preserve-root | Bespoke actions · alerting | DSΣPDDCS
[LLM] Container PID 1 environment harvest via /proc/1/environ read | Bespoke actions · hunting | DSΣPDDCS

Articles citing this technique (14)