Symlink Validation Flaw in KubeVirt's virt-handler Component Affects OpenShift
CVE-2026-7374

9.9CRITICAL

Key Information:

Vendor

Red Hat
Status
Red Hat Container Native Virtualization 4.12
Red Hat Container Native Virtualization 4.13
Red Hat Container Native Virtualization 4.14
Red Hat Container Native Virtualization 4.15
Vendor
CVE Published:
26 May 2026

What is CVE-2026-7374?

A flaw in the virt-handler component of KubeVirt allows authenticated OpenShift users with edit permissions to exploit improper symlink validation when accessing virtual machine console sockets. By substituting the console socket with a symlink to the host's container runtime (CRI-O) socket, attackers can hijack the privileged connection of virt-handler. This may grant them unauthorized access to Unix sockets on the host, potentially compromising the integrity and security of the entire node and cluster.

Affected Version(s)

Red Hat Container Native Virtualization 4.12 1779375376

Red Hat Container Native Virtualization 4.13 1778999881

Red Hat Container Native Virtualization 4.14 1779321599

References

https://access.redhat.com/errata/RHSA-2026:20720
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20736
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20763
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Sarah Bennert (Red Hat) and Stoyan Nikolov (Red Hat).
.