98 matches found
Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability
...
CVE-2026-7374
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...
CVE-2026-7374
CVE-2026-7374 describes a vulnerability in KubeVirt’s virt-handler where improper symlink validation during VM console socket connections allows an authenticated OpenShift user with namespace-level edit permissions to hijack virt-handler’s privileged connection. By substituting the console socket...
CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...
EUVD-2026-31824
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...
CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...
CVE-2026-7374
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...
CVE-2026-7374
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...
PT-2026-43242
Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw in the virt-handler component allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual...
Kubevirt 后置链接漏洞
Kubevirt is an open-source virtual machine manager developed by KubeVirt. Kubevirt has a post-installation vulnerability, which stems from improper verification of symbolic links. This vulnerability may allow authenticated OpenShift users to manipulate the console socket in a single namespace by...
Improper Privilege Management
kubevirt.io/kubevirt is vulnerable to improper privilege management. The vulnerability is due to excessive permissions granted to the virt-handler service account, which allows an attacker to abuse update and patch capabilities to force VMI migration or schedule privileged pods onto a compromised...
Improper Certificate Validation
kubevirt.io/kubevirt is vulnerable to improper certificate validation. The vulnerability is due to flawed peer verification logic in virt-handler, which allows an attacker to exploit shared credentials from a compromised instance to impersonate virt-api and execute privileged operations on other...
CVE-2025-64434
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileg...
CVE-2025-64437
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
CVE-2025-64436
KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could...
SUSE CVE-2025-64434
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileg...
SUSE CVE-2025-64436
KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could...
SUSE CVE-2025-64437
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to excessive permissions granted to the virt-handler service account. An attacker can initiate unauthorized migrations of virtual machine instances to attacker-controlled nodes or mark all nodes as...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to excessive permissions granted to the virt-handler service account. An attacker can initiate unauthorized migrations of virtual machine instances to attacker-controlled nodes or mark all nodes as...