CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Description (NVD)
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data.
Analysis (AI)
An arbitrary file read in KubeVirt's virt-exportserver component allows authenticated namespace users to exfiltrate sensitive files from the exporter pod via symlink-based path traversal in the VMExport directory endpoint. The flaw, reported by Red Hat and affecting Red Hat OpenShift Virtualization 4, carries a CVSS 7.7 score driven by the scope change and high confidentiality impact, though no public exploit had been identified at the time of analysis.
Remediation (AI)
Within 24 hours: Identify all Red Hat OpenShift Virtualization 4 deployments and audit namespace-level RBAC assignments to VMExport resources. Within 7 days: Restrict vmexport API permissions to strictly necessary identities via RBAC policies; disable or isolate the virt-exportserver if not actively required; implement network policies limiting exporter pod egress traffic. …
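The description above says the endpoint trusts a symlink stored inside the exported PVC, so a link whose target lies outside the mount root is followed and the file elsewhere on the exporter pod is served. The following Go program, added here as an illustration and not KubeVirt's code or the actual fix in virt-exportserver, shows why a purely lexical containment check misses this case and what a symlink-aware check looks like. All paths, file names and the `BuildFixture` layout are constructed for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot signals that a requested path escapes the export mount root.
var ErrOutsideRoot = errors.New("path resolves outside mount root")

// insideRoot reports whether abs lies at or below root, comparing whole path
// components so that "/mnt/export2" is not mistaken for a child of "/mnt/export".
func insideRoot(root, abs string) bool {
	rel, err := filepath.Rel(root, abs)
	if err != nil {
		return false
	}
	if rel == "." {
		return true
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(os.PathSeparator))
}

// NaiveResolve is the weak pattern: join, lexically clean, and check that the
// resulting *string* sits under root. Dot-dot segments are rejected, but a
// symlink planted inside the export is never followed, so a link pointing
// elsewhere on the pod passes this check and would be served.
func NaiveResolve(root, requested string) (string, error) {
	cleanRoot := filepath.Clean(root)
	p := filepath.Join(cleanRoot, requested)
	if !insideRoot(cleanRoot, p) {
		return "", ErrOutsideRoot
	}
	return p, nil
}

// SafeResolve is the hardened form: resolve symlinks in both the root and the
// candidate, then check containment on the real filesystem location.
func SafeResolve(root, requested string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	real, err := filepath.EvalSymlinks(filepath.Join(realRoot, requested))
	if err != nil {
		return "", err
	}
	if !insideRoot(realRoot, real) {
		return "", ErrOutsideRoot
	}
	return real, nil
}

// BuildFixture lays out a constructed example under base (not a real PVC):
//   base/outside/secret.txt                        a file that must never be served
//   base/export/ok.txt                             a legitimate exported file
//   base/export/escape -> base/outside/secret.txt  a symlink stored in the export
// It returns the export root.
func BuildFixture(base string) (string, error) {
	outside := filepath.Join(base, "outside")
	root := filepath.Join(base, "export")
	for _, d := range []string{outside, root} {
		if err := os.MkdirAll(d, 0o755); err != nil {
			return "", err
		}
	}
	secret := filepath.Join(outside, "secret.txt")
	if err := os.WriteFile(secret, []byte("constructed secret\n"), 0o600); err != nil {
		return "", err
	}
	if err := os.WriteFile(filepath.Join(root, "ok.txt"), []byte("exported data\n"), 0o644); err != nil {
		return "", err
	}
	if err := os.Symlink(secret, filepath.Join(root, "escape")); err != nil {
		return "", err
	}
	return root, nil
}

func main() {
	base, err := os.MkdirTemp("", "vmexport-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	root, err := BuildFixture(base)
	if err != nil {
		panic(err)
	}
	for _, req := range []string{"ok.txt", "../outside/secret.txt", "escape"} {
		np, nerr := NaiveResolve(root, req)
		sp, serr := SafeResolve(root, req)
		fmt.Printf("%-24s naive: %q %v\n", req, np, nerr)
		fmt.Printf("%-24s safe:  %q %v\n", "", sp, serr)
	}
}
```

Running it shows both checks rejecting `../outside/secret.txt`, but only `SafeResolve` rejecting `escape`, which is exactly the gap the description refers to. The same containment test belongs on any per-file open in a directory-listing or download handler, because a check done once at listing time says nothing about what a link resolves to at open time.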
EUVD-2026-32748
GHSA-mpmf-3w4r-qfpf