Lucene search
K

753 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39594

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS5.9AI score0.00107EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39595

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS6AI score0.00149EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 12:16 a.m.11 views

CVE-2026-13218

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 12:16 a.m.8 views

CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

3.8CVSS0.00094EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 12:16 a.m.10 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS0.00149EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 12:4 a.m.14 views

CVE-2026-13322

CVE-2026-13322 affects KubeVirt, specifically the virt-handler on RHEL9, where the downward metrics virtio-serial server uses textproto.Reader.ReadLine() to read guest requests. The read is unbounded: there is no maximum length or read deadline, so a user with access to a VM guest can send an ong...

3.8CVSS5.8AI score0.00094EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 12:4 a.m.44 views

CVE-2026-13322 Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

3.8CVSS0.00094EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 11:23 p.m.16 views

CVE-2026-13318

KubeVirt exposes an SSRF in virt-api port-forward: when handling a port-forward to a VirtualMachineInstance, virt-api reads vmi.Status.Interfaces[0].IP and dials it without validation. For VMIs using non-masquerade networks (bridge or secondary-only), this IP is supplied by the in-guest QEMU agen...

6.4CVSS6AI score0.00149EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.8 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS6AI score0.00149EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 11:23 p.m.8 views

CVE-2026-13218

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS5.9AI score0.00107EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 11:23 p.m.20 views

CVE-2026-13218

CVE-2026-13218 : In KubeVirt, the virt-handler network cache handling allows a symlink attack via WriteToCachedFile, which writes to a launcher-rooted path with os.WriteFile and os.Chown. A user inside the virt-launcher container can place a symlink at the cache path, causing virt-handler to foll...

4.2CVSS5.9AI score0.00107EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/06/25 11:23 p.m.46 views

CVE-2026-13218 Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS0.00107EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.8 views

CVE-2026-13218

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS5.9AI score0.00107EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 12:0 a.m.3 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the WriteToCachedFile function when handling network cache files in certain configurations. An attacker can overwrite specific host files and change their ownership by planting a symbolic lin...

4.2CVSS6.1AI score0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS0.00122EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-13208

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS0.0009EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 8:39 p.m.7 views

CVE-2026-13201 Kubevirt: virt-handler-rhel9: kubevirt: safepath symlink following in virt-handler enables notify socket hijacking and node-level vm disruption

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS6AI score0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:39 p.m.5 views

EUVD-2026-39086

A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream helpers operate via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, defeating the...

5.2CVSS5.8AI score0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 8:39 p.m.5 views

EUVD-2026-39087

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS5.8AI score0.0009EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 8:39 p.m.20 views

CVE-2026-13208 Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS0.0009EPSS
Exploits0References2
Rows per page
Query Builder