Search criteria

2 vulnerabilities found for Red Hat Container Native Virtualization 4.19 by Red Hat

CVE-2026-9804 (GCVE-0-2026-9804)

Vulnerability from cvelistv5 – Published: 2026-05-28 08:15 – Updated: 2026-06-30 12:10
VLAI?
Title
Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read
Summary
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data.
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
https://access.redhat.com/errata/RHSA-2026:27903 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27913 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27914 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27983 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:28002 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-9804 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2482487 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Container Native Virtualization 4.17 Unaffected: 1781757410 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.17::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.18 Unaffected: 1781928221 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.18::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.19 Unaffected: 1781590993 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.19::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.20 Unaffected: 1781838712 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.20::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.21 Unaffected: 1782012918 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.21::el9
Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
Create a notification for this product.
Credits
Red Hat would like to thank Thai Son Dinh, GitHub: @sondt99 (VinSOC) for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9804",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-30T01:54:32.833433Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-30T01:54:43.739Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.17::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.19::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.20",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.21::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.21",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Virtualization 4",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-05-28T06:00:00.000Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in KubeVirt\u0027s virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod\u0027s filesystem. This leads to information disclosure, potentially exposing sensitive data."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-59",
                "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:10:49.089Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-9804"
          },
          {
            "name": "RHBZ#2482487",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482487"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9804.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:28002"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27913"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27914"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27983"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27903"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:28002: Red Hat Container Native Virtualization 4.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27913: Red Hat Container Native Virtualization 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27914: Red Hat Container Native Virtualization 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27983: Red Hat Container Native Virtualization 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:27903: Red Hat Container Native Virtualization 4.21"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-05-18T00:00:00.000Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-05-28T06:00:00.000Z",
            "value": "Made public."
          }
        ],
        "title": "kubevirt: kubevirt: VMExport directory symlink escape enables exporter pod file read",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-exportserver-rhel9",
          "product": "Red Hat Container Native Virtualization 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1781757410",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-exportserver-rhel9",
          "product": "Red Hat Container Native Virtualization 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1781928221",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-exportserver-rhel9",
          "product": "Red Hat Container Native Virtualization 4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1781590993",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.20::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-exportserver-rhel9",
          "product": "Red Hat Container Native Virtualization 4.20",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1781838712",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.21::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-exportserver-rhel9",
          "product": "Red Hat Container Native Virtualization 4.21",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782012918",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-exportserver",
          "product": "Red Hat OpenShift Virtualization 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Thai Son Dinh, GitHub: @sondt99 (VinSOC) for reporting this issue."
        }
      ],
      "datePublic": "2026-05-28T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in KubeVirt\u0027s virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod\u0027s filesystem. This leads to information disclosure, potentially exposing sensitive data."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T19:24:45.875Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:27903",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:27903"
        },
        {
          "name": "RHSA-2026:27913",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:27913"
        },
        {
          "name": "RHSA-2026:27914",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:27914"
        },
        {
          "name": "RHSA-2026:27983",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:27983"
        },
        {
          "name": "RHSA-2026:28002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:28002"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-9804"
        },
        {
          "name": "RHBZ#2482487",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482487"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-18T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-05-28T06:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-9804",
    "datePublished": "2026-05-28T08:15:39.779Z",
    "dateReserved": "2026-05-28T06:10:07.134Z",
    "dateUpdated": "2026-06-30T12:10:49.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-7374 (GCVE-0-2026-7374)

Vulnerability from cvelistv5 – Published: 2026-05-26 13:14 – Updated: 2026-06-30 12:10
VLAI?
Title
Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability
Summary
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
https://access.redhat.com/errata/RHSA-2026:20720 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20736 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20763 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20767 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20782 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20825 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20866 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20886 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20890 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20975 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-7374 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2463728 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Container Native Virtualization 4.12 Unaffected: 1779375376 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.12::el8
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.13 Unaffected: 1778999881 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.13::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.14 Unaffected: 1779321599 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.14::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.15 Unaffected: 1778859977 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.15::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.16 Unaffected: 1778861274 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.16::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.17 Unaffected: 1779174925 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.17::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.18 Unaffected: 1778887155 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.18::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.19 Unaffected: 1779289071 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.19::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.20 Unaffected: 1779288737 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.20::el9
Create a notification for this product.
    Red Hat Red Hat Container Native Virtualization 4.21 Unaffected: 1779420069 , < * (rpm)
    cpe:/a:redhat:container_native_virtualization:4.21::el9
Create a notification for this product.
Credits
This issue was discovered by Sarah Bennert (Red Hat) and Stoyan Nikolov (Red Hat).
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-7374",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T03:55:39.340Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.12::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.12",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.13::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.13",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.14::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.15::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.17::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.19::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.20",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:container_native_virtualization:4.21::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Container Native Virtualization 4.21",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-05-26T12:30:00.000Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in KubeVirt\u0027s virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host\u0027s container runtime (CRI-O) socket, an attacker can hijack virt-handler\u0027s privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.9,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-59",
                "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:10:58.219Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-7374"
          },
          {
            "name": "RHBZ#2463728",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463728"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-7374.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20825"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20886"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20890"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20866"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20975"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20763"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20736"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20767"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20782"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:20720"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:20825: Red Hat Container Native Virtualization 4.12"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20886: Red Hat Container Native Virtualization 4.13"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20890: Red Hat Container Native Virtualization 4.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20866: Red Hat Container Native Virtualization 4.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20975: Red Hat Container Native Virtualization 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20763: Red Hat Container Native Virtualization 4.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20736: Red Hat Container Native Virtualization 4.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20767: Red Hat Container Native Virtualization 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20782: Red Hat Container Native Virtualization 4.20"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:20720: Red Hat Container Native Virtualization 4.21"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-22T07:20:25.000Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-05-26T12:30:00.000Z",
            "value": "Made public."
          }
        ],
        "title": "kubevirt: KubeVirt virt-handler: Privilege escalation and node compromise via symlink following vulnerability",
        "workarounds": [
          {
            "lang": "en",
            "value": "Update cluster RBAC to not allow exec into virt-launcher pods."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.12::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-handler",
          "product": "Red Hat Container Native Virtualization 4.12",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779375376",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.13::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-handler-rhel9",
          "product": "Red Hat Container Native Virtualization 4.13",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778999881",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-handler-rhel9",
          "product": "Red Hat Container Native Virtualization 4.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779321599",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.15::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-handler-rhel9",
          "product": "Red Hat Container Native Virtualization 4.15",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778859977",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-handler-rhel9",
          "product": "Red Hat Container Native Virtualization 4.16",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778861274",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-handler-rhel9",
          "product": "Red Hat Container Native Virtualization 4.17",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779174925",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-handler-rhel9",
          "product": "Red Hat Container Native Virtualization 4.18",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1778887155",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.19::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-handler-rhel9",
          "product": "Red Hat Container Native Virtualization 4.19",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779289071",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.20::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-handler-rhel9",
          "product": "Red Hat Container Native Virtualization 4.20",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779288737",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:container_native_virtualization:4.21::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "container-native-virtualization/virt-handler-rhel9",
          "product": "Red Hat Container Native Virtualization 4.21",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779420069",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Sarah Bennert (Red Hat) and Stoyan Nikolov (Red Hat)."
        }
      ],
      "datePublic": "2026-05-26T12:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in KubeVirt\u0027s virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host\u0027s container runtime (CRI-O) socket, an attacker can hijack virt-handler\u0027s privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-15T18:55:34.630Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:20720",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20720"
        },
        {
          "name": "RHSA-2026:20736",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20736"
        },
        {
          "name": "RHSA-2026:20763",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20763"
        },
        {
          "name": "RHSA-2026:20767",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20767"
        },
        {
          "name": "RHSA-2026:20782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20782"
        },
        {
          "name": "RHSA-2026:20825",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20825"
        },
        {
          "name": "RHSA-2026:20866",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20866"
        },
        {
          "name": "RHSA-2026:20886",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20886"
        },
        {
          "name": "RHSA-2026:20890",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20890"
        },
        {
          "name": "RHSA-2026:20975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20975"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-7374"
        },
        {
          "name": "RHBZ#2463728",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463728"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-22T07:20:25.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-05-26T12:30:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "Update cluster RBAC to not allow exec into virt-launcher pods."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-7374",
    "datePublished": "2026-05-26T13:14:53.851Z",
    "dateReserved": "2026-04-29T06:46:44.106Z",
    "dateUpdated": "2026-06-30T12:10:58.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}