CVE-2026-13434
- EPSS 0.16%
- Veröffentlicht 26.06.2026 16:00:43
- Zuletzt bearbeitet 06.07.2026 17:51:23
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-netwo...
CVE-2026-13325
- EPSS 0.18%
- Veröffentlicht 26.06.2026 10:41:01
- Zuletzt bearbeitet 06.07.2026 17:51:25
A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces (0.0.0.0/::) on a random port with no a...
CVE-2026-13322
- EPSS 0.09%
- Veröffentlicht 26.06.2026 00:04:07
- Zuletzt bearbeitet 06.07.2026 17:25:39
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A ...
CVE-2026-13318
- EPSS 0.15%
- Veröffentlicht 25.06.2026 23:23:38
- Zuletzt bearbeitet 06.07.2026 17:45:33
A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the target IP from vmi.Status.Interfaces[0].IP and passes it dir...
CVE-2026-13218
- EPSS 0.11%
- Veröffentlicht 25.06.2026 23:23:23
- Zuletzt bearbeitet 06.07.2026 17:46:14
A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can...
CVE-2026-13208
- EPSS 0.09%
- Veröffentlicht 24.06.2026 21:16:52
- Zuletzt bearbeitet 06.07.2026 17:51:17
A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity (namespace/name) solely from the request body without validating it against the connection's origin. ...
CVE-2026-13201
- EPSS 0.12%
- Veröffentlicht 24.06.2026 21:16:52
- Zuletzt bearbeitet 06.07.2026 17:51:20
A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following s...
CVE-2025-64324
- EPSS 0.21%
- Veröffentlicht 18.11.2025 22:10:19
- Zuletzt bearbeitet 25.11.2025 17:16:59
KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of thi...
CVE-2025-64433
- EPSS 0.48%
- Veröffentlicht 07.11.2025 23:07:31
- Zuletzt bearbeitet 25.11.2025 16:49:00
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handlin...
- EPSS 0.21%
- Veröffentlicht 07.11.2025 23:04:10
- Zuletzt bearbeitet 25.11.2025 17:16:45
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the...