Memory Allocation Vulnerability in KubeVirt by Red Hat
CVE-2026-13322

3.8LOW

Key Information:

Vendor: Red Hat
Status: Red Hat Openshift Virtualization 4
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-13322?

A significant memory allocation flaw exists in KubeVirt's virtio-serial server component, which processes guest requests without a defined length limit. By exploiting this weakness, an attacker with access to a guest virtual machine can send a continuous stream of bytes to the device. This continuous input leads to unbounded memory consumption within the virt-handler process, ultimately resulting in an out-of-memory (OOM) condition. If exploited, this vulnerability could disrupt services by causing the affected processes to become unresponsive.

References

https://access.redhat.com/security/cve/CVE-2026-13322

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2492681

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 25, 2026

Credit

This issue was discovered by Huzaifa Sidhpurwala (Red Hat).

CVE-2026-13322 Data

JSON