CVE 9.4 CRITICAL

Kata Container to Guest micro VM privilege escalation_CVE-2026-24834

February 19, 2026 invoker category_cve
9.4 / 10
CRITICAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.

AI Analysis

Arbitrary code execution as root in the Guest micro VM due to an issue in Kata with Cloud Hypervisor

Basic Information

ID CVE-2026-24834
Source GitHub_M
Published Feb 19, 2026 at 15:57

Affected Product

Vendor kata-containers
Product kata-containers
Version < 3.27.0
Affected Versions kata-containers kata-containers < 3.27.0

CWE Classification

CWE-732

AI Assessment

AI Score 9.4 / 10
AI Severity Critical
Vendor Kata Containers Project
Product Kata Containers
Version < 3.27.0

References

πŸ’­ Join the Security Discussion

πŸ”’ Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.