GHSA-7jcp-v9w4-wjmgCriticalCVSS 9.9

KubeVirt has a Link Following vulnerability

Published
May 26, 2026
Last Modified
June 30, 2026

🔗 CVE IDs covered (1)

📋 Description

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.

🎯 Affected products3

  • go/kubevirt.io/kubevirt:>= 1.8.0-alpha.0, < 1.8.3
  • go/kubevirt.io/kubevirt:>= 1.7.0-alpha.0, < 1.7.4
  • go/kubevirt.io/kubevirt:< 1.6.6

🔗 References (17)