CVE-2026-13325

🗓️ 26 Jun 2026 10:41:01Reported by redhatType

KubeVirt migrate proxy with disableTLS binds unauthenticated libvirt RPC on all interfaces, enabling pod-level VM control.

Reporter	Title	Published	Views	Family All 6
ATTACKERKB	CVE-2026-13325	26 Jun 202610:41	–	attackerkb
Cvelist	CVE-2026-13325 Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces	26 Jun 202610:41	–	cvelist
EUVD	EUVD-2026-39645	26 Jun 202610:41	–	euvd
NVD	CVE-2026-13325	26 Jun 202611:16	–	nvd
Positive Technologies	PT-2026-52690	26 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-13325	26 Jun 202610:41	–	redhatcve

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Virtualization 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "container-native-virtualization/virt-handler",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:container_native_virtualization:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Virtualization 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "container-native-virtualization/virt-handler-rhel9",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:container_native_virtualization:4"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2026-13325
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

26 Jun 2026 11:16Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.18.5

CWE-306