Which versions of Kata Containers are affected by EUVD-2026-25611?

Kata Containers versions 3.4.0 through 3.28.0 contain an arbitrary file write vulnerability that allows untrusted hosts to overwrite guest binaries and exfiltrate data, creating a critical breach of…. A patch is available.

Is there a public PoC exploit available for EUVD-2026-25611?

Yes, a public proof-of-concept exploit is available for EUVD-2026-25611. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-25611?

Within 24 hours: Identify all systems running Kata Containers versions 3.4.0-3.28.0 using inventory tools; document affected production and development environments. Within 7 days: Upgrade to Kata Containers v3.29.0 or later on non-production systems; validate functionality in staging. Within 30 days: Complete upgrade to v3.29.0+ on all production systems; implement host access controls to restrict file write operations to guest images during the transition period.

Kata Containers EUVD-2026-25611

Q: What is the CVSS score of EUVD-2026-25611?

EUVD-2026-25611 has a CVSS 4.0 base score of 8.2 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-41326 HIGH

UNIX Symbolic Link (Symlink) Following (CWE-61)

2026-04-24 GitHub_M

GHSA-q49m-57vm-c8cc

Information Disclosure Kata Containers

8.2

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.2 HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Red Hat

8.8 HIGH

qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch released

May 04, 2026 - 17:16 nvd

Patch available

Re-analysis Queued

Apr 27, 2026 - 14:22 vuln.today

cvss_changed

Patch available

Apr 24, 2026 - 21:02 EUVD

Analysis Generated

Apr 24, 2026 - 19:45 vuln.today

CVSS changed

Apr 24, 2026 - 19:22 NVD

8.2 (HIGH)

EUVD ID Assigned

Apr 24, 2026 - 19:15 euvd

EUVD-2026-25611

Analysis Generated

Apr 24, 2026 - 19:15 vuln.today

CVE Published

Apr 24, 2026 - 18:46 nvd

HIGH 8.2

DescriptionGitHub Advisory

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy (and perhaps the CopyFile handler) allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. This vulnerability is fixed in v3.29.0.

AnalysisAI

Arbitrary file write in Kata Containers v3.4.0 to v3.28.0 allows untrusted hosts to overwrite binaries and exfiltrate data from guest workloads, including those in confidential VMs (CVMs). The vulnerability stems from inadequate validation in the CopyFile policy, permitting host-initiated writes to arbitrary paths inside guest images. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Gain local host access

Delivery

Craft malicious CopyFile request with path traversal

Exploit

Overwrite guest binary or create exfiltration file

Execution

Guest executes compromised binary

Impact

Achieve code execution or data theft inside isolated container