CVE Catalog

CVE-2026-13218

MediumCVSS 4.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile - higher than 1% of all known CVEs

Summary

A flaw in KubeVirt's virt-handler network cache handling allows a user with access to the virt-launcher container to overwrite arbitrary host files with JSON content and change their ownership by planting a symlink at the cache file path.

Risk Assessment

An attacker can overwrite critical host files, leading to privilege escalation, system integrity compromise, and potential full node takeover in KubeVirt environments.

Recommendation

Update KubeVirt to a patched version immediately and consider restricting access to the virt-launcher container using pod security policies.

Original NVD description (English source)

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causing virt-handler to follow it and overwrite an arbitrary host file with JSON content and change its ownership.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS