7.7

CVE-2026-9804

Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
Produkt Red Hat Container Native Virtualization 4.17
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Container Native Virtualization 4.18
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Container Native Virtualization 4.19
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Container Native Virtualization 4.20
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat Container Native Virtualization 4.21
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Virtualization 4
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.399
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.7 3.1 4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.7 3.1 4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://access.redhat.com/security/cve/CVE-2026-9804
https://bugzilla.redhat.com/show_bug.cgi?id=2482487
https://access.redhat.com/errata/RHSA-2026:27914
https://access.redhat.com/errata/RHSA-2026:27983
https://access.redhat.com/errata/RHSA-2026:28002
https://access.redhat.com/errata/RHSA-2026:27903
https://access.redhat.com/errata/RHSA-2026:27913
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9804.json