<Vulnerability name="CVE-2026-13208">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-06-24T00:00:00</PublicDate>
    <Bugzilla id="2492220" url="https://bugzilla.redhat.com/show_bug.cgi?id=2492220" xml:lang="en:us">
kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts VMI identity from unauthenticated gRPC request body
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>6.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-287</CWE>
    <Details xml:lang="en:us" source="Mitre">
A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity (namespace/name) solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI pipe socket, but no identity tag is propagated from the pipe path to the server handlers. This allows a compromised virt-launcher process to send forged domain lifecycle events for any other VMI scheduled on the same node, causing virt-handler to erroneously update that VMI's state and disrupt its lifecycle management.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity (namespace/name) solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI pipe socket, but no identity tag is propagated from the pipe path to the server handlers. This allows a compromised virt-launcher process to send forged domain lifecycle events for any other VMI scheduled on the same node, causing virt-handler to erroneously update that VMI's state and disrupt its lifecycle management.
    </Details>
    <Statement xml:lang="en:us">
Red Hat has assessed this issue as Moderate impact for OpenShift Virtualization. In a default deployment, a user with namespace edit permissions can exec into their own virt-launcher pod and exploit the unvalidated VMI identity in the notify server to disrupt co-located VMs belonging to other tenants. The attack is limited to denial of service (forced shutdown/restart of targeted VMs) and does not provide data access or code execution. Exploitation requires: (1) shell access inside a virt-launcher pod on the target node, (2) knowledge of the victim VMI's namespace and name, and (3) the victim VM to be scheduled on the same node. SELinux MCS labels do not mitigate this because the notify pipe socket is a legitimate communication channel accessible to the launcher process. Network policies are irrelevant as this uses local Unix sockets.
    </Statement>
    <Acknowledgement xml:lang="en:us">
This issue was discovered by Huzaifa Sidhpurwala (Red Hat).
    </Acknowledgement>
    <Mitigation xml:lang="en:us">
Organizations can reduce exposure by: (1) restricting pods/exec permission on virt-launcher pods via admission policies (e.g., Gatekeeper or Kyverno rules denying exec on pods with the kubevirt.io launcher label), (2) using node affinity or dedicated node pools to isolate high-security tenant workloads from untrusted tenants, and (3) monitoring for unexpected VMI state transitions via cluster alerting.
    </Mitigation>
    <PackageState cpe="cpe:/a:redhat:container_native_virtualization:4">
        <ProductName>Red Hat OpenShift Virtualization 4</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>container-native-virtualization/virt-handler</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:container_native_virtualization:4">
        <ProductName>Red Hat OpenShift Virtualization 4</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>container-native-virtualization/virt-handler-rhel9</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-13208
https://nvd.nist.gov/vuln/detail/CVE-2026-13208
    </References>
</Vulnerability>