4.2
CVE-2026-13218
- EPSS 0.11%
- Veröffentlicht 25.06.2026 23:23:23
- Zuletzt bearbeitet 06.07.2026 17:46:14
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher
A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causing virt-handler to follow it and overwrite an arbitrary host file with JSON content and change its ownership.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Openshift Virtualization Version >= 4 <= 4.22.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.014 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 4.2 | 1.1 | 2.7 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L
|
CWE-61 UNIX Symbolic Link (Symlink) Following
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
https://access.redhat.com/security/cve/CVE-2026-13218
https://bugzilla.redhat.com/show_bug.cgi?id=2492654