
48 matches found

EUVD (added 3 hours ago)

EUVD-2026-39595

A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the target IP from vmi.Status.Interfaces[0].IP and passes it directly to net.Dial without validation. For VMIs using...

CVSS 6.4 | AI score 6 | Exploits 0 | References 3
CVE (added yesterday)

CVE-2026-13318

KubeVirt exposes an SSRF in virt-api port-forward: when handling a port-forward to a VirtualMachineInstance, virt-api reads vmi.Status.Interfaces[0].IP and dials it without validation. For VMIs using non-masquerade networks (bridge or secondary-only), this IP is supplied by the in-guest QEMU agen...

CVSS 6.4 | AI score 6 | Exploits 0 | References 2
Red Hat CVE (added yesterday)

CVE-2026-13318

A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the target IP from vmi.Status.Interfaces[0].IP and passes it directly to net.Dial without validation. For VMIs using...

CVSS 6.4 | AI score 6 | Exploits 0 | References 3
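The three entries above describe one defect: the dial target is taken from VMI status, and on bridge or secondary-only networks that status field is populated from what the guest agent reports, so a hostile guest chooses where virt-api connects. The block below is an added example, not KubeVirt's code or its fix. It shows the validation a practitioner would place between the status field and net.Dial: parse the address, refuse loopback, unspecified, multicast and link-local targets (the link-local rule is what blocks 169.254.169.254), and require the address to fall inside an operator-declared set of VMI address ranges. The interfaceStatus type is a stand-in for the fields of vmi.Status.Interfaces used here, and the CIDRs and sample addresses are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// interfaceStatus is a constructed stand-in for the two fields of
// vmi.Status.Interfaces that the port-forward path reads. The real KubeVirt
// type carries more fields; only these matter for the check.
type interfaceStatus struct {
	Name string
	IP   string
}

var errNoTarget = errors.New("port-forward: VMI reports no usable target address")

// resolvePortForwardTarget returns the address a port-forward may dial.
// The IP comes from VMI status, which for bridge/secondary networks is
// guest-reported and therefore attacker-controlled, so it is treated as
// untrusted input: it must parse, must not be loopback, unspecified,
// multicast or link-local (that last rule covers the 169.254.169.254
// cloud metadata endpoint), and must fall inside one of the CIDRs the
// operator has declared as legitimate VMI address space.
func resolvePortForwardTarget(ifaces []interfaceStatus, allowed []*net.IPNet) (net.IP, error) {
	if len(ifaces) == 0 || ifaces[0].IP == "" {
		return nil, errNoTarget
	}
	name, raw := ifaces[0].Name, ifaces[0].IP
	ip := net.ParseIP(raw)
	if ip == nil {
		return nil, fmt.Errorf("port-forward: interface %q: %q is not an IP address", name, raw)
	}
	if ip.IsLoopback() || ip.IsUnspecified() || ip.IsMulticast() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsInterfaceLocalMulticast() {
		return nil, fmt.Errorf("port-forward: interface %q: %s is not a routable VMI address", name, ip)
	}
	for _, n := range allowed {
		if n.Contains(ip) {
			return ip, nil
		}
	}
	return nil, fmt.Errorf("port-forward: interface %q: %s is outside the allowed VMI ranges", name, ip)
}

// mustCIDRs parses operator-supplied CIDRs. A bad CIDR is a configuration
// error and fails at startup rather than silently allowing everything.
func mustCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(fmt.Sprintf("bad allowed CIDR %q: %v", c, err))
		}
		nets = append(nets, n)
	}
	return nets
}

func main() {
	// Constructed pod-network ranges; a real deployment would take these
	// from cluster configuration.
	allowed := mustCIDRs("10.244.0.0/16", "fd00:10:244::/48")
	for _, reported := range []string{
		"10.244.3.17",     // legitimate VMI address
		"fd00:10:244::5",  // legitimate IPv6 VMI address
		"169.254.169.254", // cloud metadata service
		"127.0.0.1",       // virt-api's own loopback
		"10.96.0.1",       // kube-apiserver ClusterIP, outside the VMI ranges
		"not-an-ip",       // garbage from a hostile guest agent
	} {
		ip, err := resolvePortForwardTarget([]interfaceStatus{{Name: "default", IP: reported}}, allowed)
		if err != nil {
			fmt.Println("reject:", err)
			continue
		}
		fmt.Println("dial  :", net.JoinHostPort(ip.String(), "22"))
	}
}
```

The returned IP is what gets handed to net.JoinHostPort and net.Dial; nothing else from the status object should reach the dialer. For masquerade VMIs, where the guest sits behind a fixed in-pod address, the allowed set can be reduced to that single address rather than a pod-network range.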
Chainguard (added 2026/04/21 1:17 a.m.)

GHSA-J6CV-3W8P-VRG8 vulnerabilities

Vulnerabilities for packages: virt-api, virt-api-fips, virt-operator-fips, virt-controller, virt-controller-fips, virt-handler, virt-handler-fips, virt-operator...

AI score 5.8 | Exploits 0
Chainguard (added 2026/04/21 1:17 a.m.)

CVE-2026-6383 vulnerabilities

Vulnerabilities for packages: virt-api, virt-api-fips, virt-operator-fips, virt-controller, virt-controller-fips, virt-handler, virt-handler-fips, virt-operator...

CVSS 5.4 | AI score 5.8 | EPSS 0.0015 | Exploits 0
Chainguard (added 2026/04/11 2:18 a.m.)

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: minc, tekton-chains-fips, newrelic-infra-operator, prometheus-pushgateway-fips, local-path-provisioner-fips, kyverno-policy-reporter-plugins-kyverno, newrelic-fluent-bit-output-fips, stakater-reloader-fips, kyverno-policy-reporter-kyverno-plugin,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00449 | Exploits 0
Veracode (added 2026/04/07 4:26 p.m.)

Improper Certificate Validation

kubevirt.io/kubevirt is vulnerable to improper certificate validation. The vulnerability is due to flawed peer verification logic in virt-handler, which allows an attacker to exploit shared credentials from a compromised instance to impersonate virt-api and execute privileged operations on other...

CVSS 6.3 | AI score 6 | EPSS 0.0016 | Exploits 1 | References 5 | Affected software 1
SUSE CVE (added 2025/11/11 12:23 a.m.)

SUSE CVE-2025-64434

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileg...

CVSS 6.3 | AI score 7 | EPSS 0.0016 | Exploits 1 | References 7
Snyk (added 2025/11/07 11:41 p.m.)

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to insufficient peer verification logic in the verifyPeerCert function. An attacker can impersonate privileged API components and execute unauthorized operations by compromising a single instance and...

CVSS 6.5 | AI score 5.5 | EPSS 0.0016 | Exploits 1 | References 2
Cvelist (added 2025/11/07 10:54 p.m.)

CVE-2025-64434 KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileg...

CVSS 4.7 | EPSS 0.0016 | Exploits 1 | References 4
Snyk (added 2025/11/07 7:44 p.m.)

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the virt-api component failing to validate the CN field in client TLS certificates against allowed values in the extension-apiserver-authentication configmap. An attacker can...

CVSS 6.5 | AI score 5.4 | EPSS 0.00129 | Exploits 1 | References 2
Snyk (added 2025/11/07 7:44 p.m.)

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the virt-api component failing to validate the CN field in client TLS certificates against allowed values in the extension-apiserver-authentication configmap. An attacker can...

CVSS 6.5 | AI score 5.4 | EPSS 0.00129 | Exploits 1 | References 2
Snyk (added 2025/11/07 7:44 p.m.)

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the virt-api component failing to validate the CN field in client TLS certificates against allowed values in the extension-apiserver-authentication configmap. An attacker can...

CVSS 6.5 | AI score 5.4 | EPSS 0.00129 | Exploits 1 | References 2
NVD (added 2025/11/07 7:16 p.m.)

CVE-2025-64432

KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...

CVSS 4.7 | EPSS 0.00129 | Exploits 1 | References 4
Cvelist (added 2025/11/07 6:38 p.m.)

CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer

KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...

CVSS 4.7 | EPSS 0.00129 | Exploits 1 | References 4
GitHub Security Blog (added 2025/11/06 11:35 p.m.)

KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing

Summary Due to improper TLS certificate management, a compromised virt-handler could impersonate virt-api by using its own TLS credentials, allowing it to initiate privileged operations against another virt-handler. Details Give all details on the vulnerability. Pointing to the incriminated sourc...

CVSS 6.3 | AI score 5.8 | EPSS 0.0016 | Exploits 1 | References 6 | Affected software 1
OSV (added 2025/11/06 11:35 p.m.)

GHSA-GGP9-C99X-54GP KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing

Summary Due to improper TLS certificate management, a compromised virt-handler could impersonate virt-api by using its own TLS credentials, allowing it to initiate privileged operations against another virt-handler. Details Give all details on the vulnerability. Pointing to the incriminated sourc...

CVSS 4.7 | AI score 5.8 | EPSS 0.0016 | Exploits 1 | References 6
OSV (added 2025/11/06 11:32 p.m.)

GHSA-38JW-G2QX-4286 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer

Summary Short summary of the problem. Make the impact and severity as clear as possible. A flawed implementation of the Kubernetes aggregation layer's authentication flow could enable bypassing RBAC controls. Details Give all details on the vulnerability. Pointing to the incriminated source code ...

CVSS 4.7 | AI score 7.6 | EPSS 0.00129 | Exploits 1 | References 6
GitHub Security Blog (added 2025/11/06 11:32 p.m.)

KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer

Summary Short summary of the problem. Make the impact and severity as clear as possible. A flawed implementation of the Kubernetes aggregation layer's authentication flow could enable bypassing RBAC controls. Details Give all details on the vulnerability. Pointing to the incriminated source code ...

CVSS 4.7 | AI score 7.6 | EPSS 0.00129 | Exploits 1 | References 6 | Affected software 1
Positive Technologies (added 2025/11/06 12:00 a.m.)

PT-2025-45512

Name of the Vulnerable Software and Affected Versions: KubeVirt versions prior to 1.5.3; KubeVirt versions prior to 1.6.1. Description: KubeVirt is a virtual machine management add-on for Kubernetes. A flaw exists in the peer verification logic within virt-handler via the verifyPeerCert function. An...

CVSS 6.3 | AI score 5.4 | EPSS 0.0016 | Exploits 1 | References 13
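The verifyPeerCert entries (CVE-2025-64434) and the aggregation-layer CN entries (CVE-2025-64432) in this listing share one root cause: a client certificate that chains to the trusted CA was accepted as proof of identity without checking which component the certificate actually names, so any holder of a CA-issued certificate (a compromised virt-handler, for instance) could pass as virt-api or as the API server's front proxy. The block below is an added example, not KubeVirt's code or its fix. It generates a demo CA and two client certificates in memory and then performs both checks in verifyPeerIdentity: chain validation against the roots, followed by an allow-list match on the leaf CN. Function names, the CN values and the allowed-names list are assumptions for the example; in the aggregation-layer case the list would be read from the requestheader-allowed-names key of the extension-apiserver-authentication configmap rather than hard-coded.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA builds a throwaway self-signed CA for the demo; in a cluster this is
// the CA bundle the components already trust, which every component can
// obtain certificates from. Chain validity alone therefore proves nothing
// about which component is on the other end.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "demo-ca"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueCert issues a client certificate whose identity is carried in the CN
// (assumed naming scheme for the example: "virt-api", "virt-handler", ...).
func issueCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
}

// verifyPeerIdentity does the two checks the advisories describe as missing:
// the presented chain must validate against the trusted roots AND the leaf CN
// must be one of the identities this endpoint is willing to talk to. Being
// "signed by our CA" is an authentication fact, not an authorization decision.
func verifyPeerIdentity(rawCerts [][]byte, roots *x509.CertPool, allowedCNs []string) error {
	if len(rawCerts) == 0 {
		return fmt.Errorf("no client certificate presented")
	}
	leaf, err := x509.ParseCertificate(rawCerts[0]) // peers here present a single leaf
	if err != nil {
		return fmt.Errorf("parse leaf: %w", err)
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("chain validation: %w", err)
	}
	for _, cn := range allowedCNs {
		if leaf.Subject.CommonName == cn {
			return nil
		}
	}
	return fmt.Errorf("client CN %q is not one of the allowed identities %v", leaf.Subject.CommonName, allowedCNs)
}

func main() {
	ca, caKey, err := newCA()
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	apiCert, _ := issueCert(ca, caKey, "virt-api")
	handlerCert, _ := issueCert(ca, caKey, "virt-handler")
	// A virt-handler endpoint that only virt-api may drive: same CA, wrong identity.
	onlyAPI := []string{"virt-api"}
	fmt.Println("virt-api cert     ->", verifyPeerIdentity([][]byte{apiCert}, roots, onlyAPI))
	fmt.Println("virt-handler cert ->", verifyPeerIdentity([][]byte{handlerCert}, roots, onlyAPI))
	// The aggregation-layer case: only the names from requestheader-allowed-names
	// may assert X-Remote-User on behalf of the API server.
	fmt.Println("virt-handler as front proxy ->", verifyPeerIdentity([][]byte{handlerCert}, roots, []string{"front-proxy-client"}))
}
```

To wire this into a listener, set ClientAuth to tls.RequireAnyClientCert and call verifyPeerIdentity from the tls.Config VerifyPeerCertificate callback; with RequireAnyClientCert, crypto/tls hands the raw chain to the callback without verifying it itself, so the callback becomes the single place where trust is decided. For the aggregation-layer path the order matters: the X-Remote-User and X-Remote-Group headers must be honoured only after the caller's certificate has passed both the requestheader CA and the allowed-names check, otherwise any CA-issued client can name an arbitrary user and RBAC is evaluated against that name.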