Severity by source
AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
API is network-reachable (AV:N); non-default feature gate required raises complexity (AC:H); kubevirt.io:edit tenant role needed (PR:L); cross-namespace network impact changes scope (S:C); no availability impact.
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or sanitization. The only admission check rejects empty strings; no DNS-1123 format validation, JSON detection, or special character rejection is performed. When the ExternalNetResourceInjection Beta feature gate is enabled (off by default, cluster-admin only), the NAD lookup that would otherwise catch malformed names is skipped by design. A tenant with kubevirt.io:edit permissions can inject a JSON-formatted NetworkSelectionElement array specifying an arbitrary namespace, NAD name, static IP address, and MAC address. Multus on the node parses this JSON and attaches the launcher pod to the specified network attachment in any namespace, enabling cross-namespace network access and IP/MAC impersonation on network segments normally segregated from tenant workloads. The ExternalNetResourceInjection feature gate was introduced in KubeVirt v1.8.0 (first shipped in OpenShift Virtualization 4.21).
AnalysisAI
Network annotation injection in KubeVirt's VirtualMachineInstance API allows authenticated tenants to attach launcher pods to arbitrary network namespaces by writing unsanitized JSON into the Multus CNI default-network annotation. Exploitation is gated on the ExternalNetResourceInjection Beta feature gate being explicitly enabled by a cluster-admin (off by default, first available in OpenShift Virtualization 4.21), which intentionally bypasses the NAD namespace lookup that would otherwise reject malformed annotation values. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires both of the following conditions to be simultaneously true: (1) the ExternalNetResourceInjection Beta feature gate must be explicitly enabled by a cluster-admin - this is off by default and was only introduced in KubeVirt v1.8.0/OpenShift Virtualization 4.21, meaning all earlier versions and all default-configuration deployments of any version are not exploitable; (2) the attacker must hold kubevirt.io:edit permissions on the targeted namespace, which is a legitimate tenant role explicitly granted by cluster administrators. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 4.9 with vector AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N accurately reflects the risk profile: network-reachable via the Kubernetes API, but constrained by high attack complexity (AC:H) due to the non-default ExternalNetResourceInjection feature gate prerequisite, and requiring low-privilege authenticated access (PR:L, kubevirt.io:edit role). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A tenant holding kubevirt.io:edit permissions on a cluster where ExternalNetResourceInjection is enabled submits a VirtualMachineInstance manifest with the Multus networkName field set to a JSON NetworkSelectionElement array, specifying an administrative-namespace NAD and a spoofed IP and MAC address matching a privileged host. The API server admits the VMI (only the empty-string check fires), the launcher pod is created carrying the injected annotation, and Multus on the node parses it and attaches the pod to the targeted network segment - granting the tenant traffic visibility and impersonation capability on a network normally inaccessible to tenant workloads. … |
| Remediation | Monitor the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-13434 for a patched release; no specific fixed version was confirmed in available data at time of analysis, and the Bugzilla report at https://bugzilla.redhat.com/show_bug.cgi?id=2493576 should be tracked for patch availability. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Privilege escalation to cluster-wide control in KubeVirt's virt-handler component (as shipped in Red Hat OpenShift Virtu
Cross-tenant VM compromise in KubeVirt (and Red Hat OpenShift Virtualization 4) occurs when spec.configuration.migration
Arbitrary file read in KubeVirt's virt-exportserver component allows authenticated namespace users to exfiltrate sensiti
Unbounded memory allocation in KubeVirt's downward metrics virtio-serial server within Red Hat OpenShift Virtualization
Same weakness CWE-20 – Improper Input Validation
View allSame technique Code Injection
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Micro 5.3 | Not-Affected |
| SUSE Linux Enterprise Micro 5.4 | Not-Affected |
| SUSE Linux Enterprise Micro 5.5 | Not-Affected |
| SUSE Linux Enterprise Module for Containers 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server 16.0 | Not-Affected |
| SUSE Linux Enterprise Server 16.1 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Not-Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Not-Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Not-Affected |
| SUSE Linux Micro 6.0 | Not-Affected |
| SUSE Linux Micro 6.1 | Not-Affected |
| SUSE Linux Micro 6.2 | Not-Affected |
| openSUSE Leap 16.0 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Module for Containers 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Module for Containers 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP5 | Not-Affected |
| SUSE Manager Proxy 4.3 | Not-Affected |
| SUSE Manager Retail Branch Server 4.3 | Not-Affected |
| SUSE Manager Server 4.3 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Not-Affected |
| openSUSE Leap 15.4 | Not-Affected |
| openSUSE Leap 15.5 | Not-Affected |
| openSUSE Leap Micro 5.3 | Not-Affected |
| openSUSE Leap Micro 5.4 | Not-Affected |
| openSUSE Leap Micro 5.5 | Not-Affected |
| SUSE Linux Micro Extras 6.0 | Not-Affected |
| SUSE Linux Micro Extras 6.1 | Not-Affected |
| SUSE Linux Micro Extras 6.2 | Not-Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39796
GHSA-9fjc-whw6-cqfc