CVE-2026-13434
- EPSS 0.16%
- Veröffentlicht 26.06.2026 16:00:43
- Zuletzt bearbeitet 06.07.2026 17:51:23
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-netwo...
CVE-2026-13325
- EPSS 0.18%
- Veröffentlicht 26.06.2026 10:41:01
- Zuletzt bearbeitet 06.07.2026 17:51:25
A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces (0.0.0.0/::) on a random port with no a...
CVE-2026-13322
- EPSS 0.09%
- Veröffentlicht 26.06.2026 00:04:07
- Zuletzt bearbeitet 06.07.2026 17:25:39
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A ...
CVE-2026-13318
- EPSS 0.15%
- Veröffentlicht 25.06.2026 23:23:38
- Zuletzt bearbeitet 06.07.2026 17:45:33
A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the target IP from vmi.Status.Interfaces[0].IP and passes it dir...
CVE-2026-13218
- EPSS 0.11%
- Veröffentlicht 25.06.2026 23:23:23
- Zuletzt bearbeitet 06.07.2026 17:46:14
A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can...
CVE-2026-13208
- EPSS 0.09%
- Veröffentlicht 24.06.2026 21:16:52
- Zuletzt bearbeitet 06.07.2026 17:51:17
A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity (namespace/name) solely from the request body without validating it against the connection's origin. ...
CVE-2026-13201
- EPSS 0.12%
- Veröffentlicht 24.06.2026 21:16:52
- Zuletzt bearbeitet 06.07.2026 17:51:20
A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following s...
CVE-2026-9804
- EPSS 0.52%
- Veröffentlicht 28.05.2026 08:15:39
- Zuletzt bearbeitet 30.06.2026 03:21:48
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesy...
CVE-2026-7374
- EPSS 0.6%
- Veröffentlicht 26.05.2026 13:14:53
- Zuletzt bearbeitet 30.06.2026 03:21:21
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By...
CVE-2026-6383
- EPSS 0.15%
- Veröffentlicht 15.04.2026 18:22:30
- Zuletzt bearbeitet 17.04.2026 15:08:01
A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom ro...