Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink...

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.

AI Analysis

Privilege escalation and node compromise via symlink following vulnerability in KubeVirt's virt-handler component

Basic Information

ID CVE-2026-7374

Source redhat

Published May 26, 2026 at 13:14

Affected Product

Vendor Red Hat

Product Red Hat OpenShift Virtualization 4

CWE Classification

CWE-59

AI Assessment

AI Score 9.9 / 10

AI Severity Critical

Vendor Red Hat

Product KubeVirt

References

{
    "lastseen": "",
    "description": "A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.",
    "published": "2026-05-26T13:14:53.851Z",
    "modified": "2026-05-26T13:14:53.851Z",
    "type": "cve",
    "title": "Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2026-7374\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2463728",
    "id": "CVE-2026-7374",
    "bulletinFamily": "",
    "cwe": [
        "CWE-59"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Red Hat OpenShift Virtualization 4",
    "version": "",
    "vendor": "Red Hat",
    "ai_description": "Privilege escalation and node compromise via symlink following vulnerability in KubeVirt's virt-handler component",
    "ai_severity": "Critical",
    "ai_vendor": "Red Hat",
    "ai_product": "KubeVirt",
    "ai_version": "",
    "ai_score": 9.9
}

Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability_CVE-2026-7374