Lucene search
K

4 matches found

CVE
CVE
added 2026/02/21 5:36 a.m.18 views

CVE-2026-27211

Cloud Hypervisor (versions 34.0–50.0) is vulnerable to arbitrary host file exfiltration when using virtio-block devices backed by raw images. A malicious guest can overwrite a disk header with a crafted QCOW2 structure pointing to a sensitive host path; on the next VM boot or disk scan, image for...

10CVSS5.6AI score0.005EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/02/21 5:36 a.m.23 views

CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

9.1CVSS0.005EPSS
Exploits1References7
OSV
OSV
added 2026/02/21 5:36 a.m.8 views

CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration constrained by process privileges when using virtio-block devices backed by raw images. A malicious guest can overwrite its disk header with a crafted...

9.1CVSS5.7AI score0.005EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2024/08/07 1:23 p.m.21 views

openstack-nova: Regression VMDK/qcow arbitrary file access

An arbitrary file access flaw was found in Nova. By supplying a RAW format image, a specially crafted QCOW2 image with a backing file path, or a VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file’s contents from the...

6.5CVSS5.8AI score0.00941EPSS
Exploits1References5
Rows per page
Query Builder