CVE-2026-7374
CRITICALKubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability
Title source: cnaDescription
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.
References (12)
Core 12
Core References
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-7374
Issue Tracking, X_Refsource_Redhat issue-tracking
x_refsource_redhat
RHBZ#2463728
https://bugzilla.redhat.com/show_bug.cgi?id=2463728
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20720
https://access.redhat.com/errata/RHSA-2026:20720
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20736
https://access.redhat.com/errata/RHSA-2026:20736
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20763
https://access.redhat.com/errata/RHSA-2026:20763
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20782
https://access.redhat.com/errata/RHSA-2026:20782
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20825
https://access.redhat.com/errata/RHSA-2026:20825
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20767
https://access.redhat.com/errata/RHSA-2026:20767
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20866
https://access.redhat.com/errata/RHSA-2026:20866
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20886
https://access.redhat.com/errata/RHSA-2026:20886
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20890
https://access.redhat.com/errata/RHSA-2026:20890
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:20975
https://access.redhat.com/errata/RHSA-2026:20975
Scores
CVSS v3
9.9
EPSS
0.0054
EPSS Percentile
41.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-59
Status
published
Products (12)
Red Hat/Red Hat Container Native Virtualization 4.12
1779375376
Red Hat/Red Hat Container Native Virtualization 4.13
1778999881
Red Hat/Red Hat Container Native Virtualization 4.14
1779321599
Red Hat/Red Hat Container Native Virtualization 4.15
1778859977
Red Hat/Red Hat Container Native Virtualization 4.16
1778861274
Red Hat/Red Hat Container Native Virtualization 4.17
1779174925
Red Hat/Red Hat Container Native Virtualization 4.18
1778887155
Red Hat/Red Hat Container Native Virtualization 4.19
1779289071
Red Hat/Red Hat Container Native Virtualization 4.2
1779288737
Red Hat/Red Hat Container Native Virtualization 4.20
1779288737
... and 2 more
Published
May 26, 2026
Tracked Since
May 26, 2026