Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.
AnalysisAI
Privilege escalation to cluster-wide control in KubeVirt's virt-handler component (as shipped in Red Hat OpenShift Virtualization 4) allows a namespace-scoped OpenShift user with edit permissions to hijack the virt-handler's privileged Unix socket connection via a symlink swap on a virtual machine console socket. Successful exploitation leads to interaction with arbitrary host Unix sockets, including CRI-O, enabling node takeover and cluster compromise. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.12%, 30th percentile), but CVSS is 9.9 with a scope change reflecting the host/cluster blast radius.
Technical ContextAI
KubeVirt extends Kubernetes to run virtual machines as pods, with virt-handler running as a privileged DaemonSet on each node so it can manage VM lifecycle and connect to per-VM Unix sockets (such as the serial console socket) inside tenant-controlled paths. The root cause is CWE-59 (Improper Link Resolution Before File Access, aka 'Link Following'): virt-handler opens the console socket path without validating that it is a real socket rather than a symlink, so a tenant with edit rights in a namespace can replace the expected socket with a symlink pointing at the host's CRI-O runtime socket. Because virt-handler runs with host-level privileges and host filesystem access, the dereference happens in the privileged context and connects the attacker to whichever Unix socket the symlink targets - in particular CRI-O, the OCI runtime that controls all containers on the node.
RemediationAI
Patch available per vendor advisory: apply the Red Hat OpenShift Virtualization updates published in RHSA-2026:20720, 20736, 20763, 20767, 20782, 20825, 20866, 20886, 20890, and 20975 (all at https://access.redhat.com/errata/) corresponding to your OpenShift Virtualization 4 stream, and on SUSE apply SUSE-SU-2026:2077. Until the cluster is patched, reduce exposure by tightening RBAC so that untrusted users do not hold edit (or higher) verbs on VirtualMachine/VirtualMachineInstance resources in shared namespaces - this directly removes the PR:L precondition but breaks self-service VM management for those users; additionally, restrict or audit use of the virtctl console / VM console subresource for tenant namespaces, accepting that legitimate console troubleshooting will be impacted. Network-layer mitigations are not effective here because the abuse path is the in-cluster console socket on the node, not an exposed network service.
Cross-tenant VM compromise in KubeVirt (and Red Hat OpenShift Virtualization 4) occurs when spec.configuration.migration
Arbitrary file read in KubeVirt's virt-exportserver component allows authenticated namespace users to exfiltrate sensiti
Network annotation injection in KubeVirt's VirtualMachineInstance API allows authenticated tenants to attach launcher po
Unbounded memory allocation in KubeVirt's downward metrics virtio-serial server within Red Hat OpenShift Virtualization
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Containers 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Micro 5.3 | Fixed |
| SUSE Linux Enterprise Micro 5.4 | Fixed |
| SUSE Linux Enterprise Micro 5.5 | Fixed |
| SUSE Linux Enterprise Module for Containers 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Micro 6.0 | Fixed |
| SUSE Linux Micro 6.1 | Fixed |
| SUSE Linux Micro 6.2 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Containers 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Containers 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap Micro 5.3 | Fixed |
| openSUSE Leap Micro 5.4 | Fixed |
| openSUSE Leap Micro 5.5 | Fixed |
| SUSE Linux Micro Extras 6.0 | Fixed |
| SUSE Linux Micro Extras 6.1 | Fixed |
| SUSE Linux Micro Extras 6.2 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31824
GHSA-7jcp-v9w4-wjmg