Access Control Flaw in KubeVirt Causes Unauthorized Resource Access
CVE-2026-6383

5.4MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Openshift Virtualization 4
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-6383?

A critical flaw has been identified in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect evaluations of permissions. This vulnerability allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially exposing sensitive information or enabling actions outside their permitted scope. Additionally, legitimate users may face denials when trying to access resources they should normally have permission to view or manage, raising concerns about security integrity and user trust.

References

https://access.redhat.com/security/cve/CVE-2026-6383

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2458741

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Apr 15, 2026

CVE-2026-6383 Data

JSON

Red Hat

What is CVE-2026-6383?

References

CVSS V3.1

Timeline