diff --git a/pkg/cri/sbserver/container_create.go b/pkg/cri/sbserver/container_create.go
index 4ba4e1375..92b73390f 100644
--- a/pkg/cri/sbserver/container_create.go
+++ b/pkg/cri/sbserver/container_create.go
@@ -252,6 +252,11 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta
 		containerd.WithContainerExtension(containerMetadataExtension, &meta),
 	)
 
+	// When using sandboxed shims, containerd's runtime needs to know which sandbox shim instance to use.
+	if ociRuntime.SandboxMode == string(criconfig.ModeShim) {
+		opts = append(opts, containerd.WithSandbox(sandboxID))
+	}
+
 	var cntr containerd.Container
 	if cntr, err = c.client.NewContainer(ctx, id, opts...); err != nil {
 		return nil, fmt.Errorf("failed to create containerd container: %w", err)
diff --git a/pkg/cri/sbserver/sandbox_run.go b/pkg/cri/sbserver/sandbox_run.go
index 90642f2cb..d388ae2fe 100644
--- a/pkg/cri/sbserver/sandbox_run.go
+++ b/pkg/cri/sbserver/sandbox_run.go
@@ -257,12 +257,15 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox
 		}
 		return nil, fmt.Errorf("failed to start sandbox %q: %w", id, err)
 	}
+
 	// TODO: get rid of this. sandbox object should no longer have Container field.
-	container, err := c.client.LoadContainer(ctx, id)
-	if err != nil {
-		return nil, fmt.Errorf("failed to load container %q for sandbox: %w", id, err)
+	if ociRuntime.SandboxMode == string(criconfig.ModePodSandbox) {
+		container, err := c.client.LoadContainer(ctx, id)
+		if err != nil {
+			return nil, fmt.Errorf("failed to load container %q for sandbox: %w", id, err)
+		}
+		sandbox.Container = container
 	}
-	sandbox.Container = container
 
 	labels := resp.GetLabels()
 	if labels == nil {