CVE-2026-9804
Description
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
KubeVirt virt-exportserver component path traversal via symlink in exported PVC filesystem allows arbitrary file read from the exporter pod.
Vulnerability
CVE-2026-9804 is a path traversal vulnerability in the virt-exportserver component of KubeVirt. The VMExport directory endpoint uses Go's http.FileServer(http.Dir(mountPoint)) to serve the contents of a filesystem Persistent Volume Claim (PVC). Because http.Dir follows symbolic links, an attacker who can control files inside an exported filesystem PVC can place a symlink pointing outside the PVC mount root and read arbitrary files from the exporter pod's filesystem through the directory endpoint. This vulnerability affects filesystem PVCs that do not have the cdi.kubevirt.io/storage.contentType annotation set to a KubeVirt content type. PVCs with KubeVirt content type receive raw/gzip export endpoints instead of the vulnerable directory endpoint [1][2].
Exploitation
To exploit this vulnerability, an attacker must have namespace-level access sufficient to create or control the contents of a filesystem PVC. The attacker needs to create a VirtualMachineExport resource for that PVC and possess or obtain the VMExport token. The attacker then embeds a symbolic link within the exported PVC that points to a target file outside the mount root. When the token is used to access the exported directory, the virt-exportserver follows the symlink and serves the targeted file, which resides on the exporter pod's filesystem [2]. Namespaces with mixed workloads (pods and VMs) are more likely to have affected PVCs than namespaces hosting only KubeVirt VMs [2].
Impact
Successful exploitation allows an attacker to read arbitrary files from the exporter pod's filesystem, leading to information disclosure. This can potentially expose sensitive data such as secrets, configuration files, or other confidential information stored within the pod [1][2].
Mitigation
Red Hat has not yet published a specific fixed version for this vulnerability. Users are advised to ensure that filesystem PVCs used with VMs have the cdi.kubevirt.io/storage.contentType annotation set to an appropriate KubeVirt content type, which causes the export endpoint to be raw/gzip instead of the vulnerable directory endpoint. Additionally, restrict namespace-level access to prevent unauthorized users from creating or modifying PVCs or VirtualMachineExport resources [1][2].
AI Insight generated on May 28, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2News mentions
0No linked articles in our index yet.