CVE-2026-6383

EPSS 0.03%
Veröffentlicht 15.04.2026 18:22:30
Zuletzt bearbeitet 17.04.2026 15:08:01
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation

A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially disclosing sensitive information or performing actions they are not permitted to do. Additionally, legitimate users may be denied access to resources.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRed Hat

≫

Produkt Red Hat OpenShift Virtualization 4

Default Statusaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://access.redhat.com/security/cve/CVE-2026-6383

https://bugzilla.redhat.com/show_bug.cgi?id=2458741

https://nvd.nist.gov/vuln/detail/CVE-2026-6383

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-6383

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-6383

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-6383