Kubevirt
by Kubevirt
Source repositories
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7374 | Cri | 0.64 | 9.9 | 0.01 | May 26, 2026 | A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket… | ||
| CVE-2026-13325 | mod | 0.55 | 8.5 | 0.00 | Jun 26, 2026 | virt-handler-rhel9: kubevirt: kubevirt: DisableTLS migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces | ||
| CVE-2026-9804 | Hig | 0.50 | 7.7 | 0.01 | May 28, 2026 | A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim… | ||
| CVE-2026-13318 | mod | 0.42 | 6.4 | 0.00 | Jun 25, 2026 | virt-api-rhel9: kubevirt: KubeVirt: SSRF in virt-api port-forward via unvalidated guest-agent-reported IP | ||
| CVE-2026-13208 | mod | 0.42 | 6.5 | 0.00 | Jun 24, 2026 | kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts VMI identity from unauthenticated gRPC request body | ||
| CVE-2026-13201 | mod | 0.34 | 5.2 | 0.00 | Jun 24, 2026 | kubevirt: virt-handler-rhel9: kubevirt: safepath OpenAtNoFollow symlink following via /proc/self/fd allows host file metadata modification | ||
| CVE-2026-13434 | mod | 0.32 | 4.9 | 0.00 | Jun 26, 2026 | virt-controller-rhel9: kubevirt: kubevirt: Multus default-network annotation injection via unvalidated tenant networkName when ExternalNetResourceInjection is enabled | ||
| CVE-2026-13218 | mod | 0.27 | 4.2 | 0.00 | Jun 25, 2026 | kubevirt: kubevirt: symlink following in WriteToCachedFile allows host file overwrite from virt-launcher | ||
| CVE-2026-13322 | low | 0.25 | 3.8 | 0.00 | Jun 25, 2026 | kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial ReadLine in virt-handler causes OOM denial of service | ||
| CVE-2025-64324 | 0.00 | — | 0.00 | Nov 18, 2025 | KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more… | |||
| CVE-2025-64433 | 0.00 | — | 0.00 | Nov 7, 2025 | KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks… | |||
| CVE-2025-64437 | 0.00 | — | 0.00 | Nov 7, 2025 | KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files… | |||
| CVE-2025-64436 | 0.00 | — | 0.00 | Nov 7, 2025 | KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This… | |||
| CVE-2025-64435 | 0.00 | — | 0.00 | Nov 7, 2025 | KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the… | |||
| CVE-2025-64434 | 0.00 | — | 0.00 | Nov 7, 2025 | KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api… | |||
| CVE-2025-64432 | 0.00 | — | 0.00 | Nov 7, 2025 | KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api… | |||
| CVE-2024-33394 | 0.00 | — | 0.00 | May 2, 2024 | An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | |||
| CVE-2023-26484 | 0.00 | — | 0.01 | Mar 15, 2023 | KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs.… | |||
| CVE-2020-14316 | 0.00 | — | 0.02 | Jul 29, 2020 | A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can… |
- risk 0.64cvss 9.9epss 0.01
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket…
- risk 0.55cvss 8.5epss 0.00
virt-handler-rhel9: kubevirt: kubevirt: DisableTLS migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces
- risk 0.50cvss 7.7epss 0.01
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim…
- risk 0.42cvss 6.4epss 0.00
virt-api-rhel9: kubevirt: KubeVirt: SSRF in virt-api port-forward via unvalidated guest-agent-reported IP
- risk 0.42cvss 6.5epss 0.00
kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts VMI identity from unauthenticated gRPC request body
- risk 0.34cvss 5.2epss 0.00
kubevirt: virt-handler-rhel9: kubevirt: safepath OpenAtNoFollow symlink following via /proc/self/fd allows host file metadata modification
- risk 0.32cvss 4.9epss 0.00
virt-controller-rhel9: kubevirt: kubevirt: Multus default-network annotation injection via unvalidated tenant networkName when ExternalNetResourceInjection is enabled
- risk 0.27cvss 4.2epss 0.00
kubevirt: kubevirt: symlink following in WriteToCachedFile allows host file overwrite from virt-launcher
- risk 0.25cvss 3.8epss 0.00
kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial ReadLine in virt-handler causes OOM denial of service
- CVE-2025-64324Nov 18, 2025risk 0.00cvss —epss 0.00
KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more…
- CVE-2025-64433Nov 7, 2025risk 0.00cvss —epss 0.00
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks…
- CVE-2025-64437Nov 7, 2025risk 0.00cvss —epss 0.00
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files…
- CVE-2025-64436Nov 7, 2025risk 0.00cvss —epss 0.00
KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This…
- CVE-2025-64435Nov 7, 2025risk 0.00cvss —epss 0.00
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the…
- CVE-2025-64434Nov 7, 2025risk 0.00cvss —epss 0.00
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api…
- CVE-2025-64432Nov 7, 2025risk 0.00cvss —epss 0.00
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api…
- CVE-2024-33394May 2, 2024risk 0.00cvss —epss 0.00
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
- CVE-2023-26484Mar 15, 2023risk 0.00cvss —epss 0.01
KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs.…
- CVE-2020-14316Jul 29, 2020risk 0.00cvss —epss 0.02
A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can…