Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-26T12:30:00 kubevirt: KubeVirt virt-handler: Privilege escalation and node compromise via symlink following vulnerability 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CWE-59

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.

This is an Important privilege escalation flaw in KubeVirt's virt-handler component. An authenticated OpenShift user with edit permissions in a single namespace can exploit improper symlink validation to hijack virt-handler's privileged connection. This allows access to any Unix socket on the host, leading to potential full control of the node and the entire cluster. This issue was discovered by Sarah Bennert (Red Hat) and Stoyan Nikolov (Red Hat). Update cluster RBAC to not allow exec into virt-launcher pods. Red Hat Container Native Virtualization 4.12 2026-05-26T00:00:00Z RHSA-2026:20825 container-native-virtualization/virt-handler:1779375376 Red Hat Container Native Virtualization 4.13 2026-05-26T00:00:00Z RHSA-2026:20886 container-native-virtualization/virt-handler-rhel9:1778999881 Red Hat Container Native Virtualization 4.14 2026-05-26T00:00:00Z RHSA-2026:20890 container-native-virtualization/virt-handler-rhel9:1779321599 Red Hat Container Native Virtualization 4.15 2026-05-26T00:00:00Z RHSA-2026:20866 container-native-virtualization/virt-handler-rhel9:1778859977 Red Hat Container Native Virtualization 4.16 2026-05-26T00:00:00Z RHSA-2026:20975 container-native-virtualization/virt-handler-rhel9:1778861274 Red Hat Container Native Virtualization 4.17 2026-05-26T00:00:00Z RHSA-2026:20763 container-native-virtualization/virt-handler-rhel9:1779174925 Red Hat Container Native Virtualization 4.18 2026-05-26T00:00:00Z RHSA-2026:20736 container-native-virtualization/virt-handler-rhel9:1778887155 Red Hat Container Native Virtualization 4.19 2026-05-26T00:00:00Z RHSA-2026:20767 container-native-virtualization/virt-handler-rhel9:1779289071 Red Hat Container Native Virtualization 4.2 2026-05-26T00:00:00Z RHSA-2026:20782 container-native-virtualization/virt-handler-rhel9:1779288737 Red Hat Container Native Virtualization 4.21 2026-05-26T00:00:00Z RHSA-2026:20720 container-native-virtualization/virt-handler-rhel9:1779420069 https://www.cve.org/CVERecord?id=CVE-2026-7374 https://nvd.nist.gov/vuln/detail/CVE-2026-7374