diff --git a/virtcontainers/sandbox.go b/virtcontainers/sandbox.go
index fcc4697e1a..d941a675b6 100644
--- a/virtcontainers/sandbox.go
+++ b/virtcontainers/sandbox.go
@@ -1116,6 +1116,13 @@ func (s *Sandbox) CreateContainer(contConfig ContainerConfig) (VCContainer, erro
 	// Update sandbox config.
 	s.config.Containers = append(s.config.Containers, contConfig)
 
+	defer func() {
+		if err != nil && len(s.config.Containers) > 0 {
+			// delete container config
+			s.config.Containers = s.config.Containers[:len(s.config.Containers)-1]
+		}
+	}()
+
 	// Sandbox is reponsable to update VM resources needed by Containers
 	err = s.updateResources()
 	if err != nil {
@@ -1128,7 +1135,7 @@ func (s *Sandbox) CreateContainer(contConfig ContainerConfig) (VCContainer, erro
 	}
 
 	// Add the container to the containers list in the sandbox.
-	if err := s.addContainer(c); err != nil {
+	if err = s.addContainer(c); err != nil {
 		return nil, err
 	}
 
@@ -1138,7 +1145,7 @@ func (s *Sandbox) CreateContainer(contConfig ContainerConfig) (VCContainer, erro
 		return nil, err
 	}
 
-	if err := s.updateCgroups(); err != nil {
+	if err = s.updateCgroups(); err != nil {
 		return nil, err
 	}
 
diff --git a/virtcontainers/sandbox_test.go b/virtcontainers/sandbox_test.go
index fb7892e3b0..df2a16a3fe 100644
--- a/virtcontainers/sandbox_test.go
+++ b/virtcontainers/sandbox_test.go
@@ -909,6 +909,12 @@ func TestCreateContainer(t *testing.T) {
 	contConfig := newTestContainerConfigNoop(contID)
 	_, err = s.CreateContainer(contConfig)
 	assert.Nil(t, err, "Failed to create container %+v in sandbox %+v: %v", contConfig, s, err)
+
+	assert.Equal(t, len(s.config.Containers), 1, "Container config list length from sandbox structure should be 1")
+
+	_, err = s.CreateContainer(contConfig)
+	assert.NotNil(t, err, "Should failed to create a duplicated container")
+	assert.Equal(t, len(s.config.Containers), 1, "Container config list length from sandbox structure should be 1")
 }
 
 func TestDeleteContainer(t *testing.T) {