Vendor
high
advisory
KubeVirt virt-exportserver Path Traversal Vulnerability (CVE-2026-9804)
2 rules 1 TTP 1 CVEA path traversal vulnerability exists in KubeVirt's virt-exportserver component, where an attacker with namespace-level access can exploit this flaw by creating a symbolic link within an exported filesystem PVC to read arbitrary files from the exporter pod, leading to information disclosure.
virt-exportserver
kube-virt
path-traversal
vulnerability
cloud
2r
1t
1c
critical
advisory
KubeVirt virt-handler Symlink Vulnerability Leading to Container Escape (CVE-2026-7374)
2 rules 1 TTP 1 CVECVE-2026-7374 allows an authenticated OpenShift user with edit permissions in a single namespace to escalate privileges to full cluster control by exploiting improper symlink validation in KubeVirt's virt-handler component when connecting to VM console sockets.
virt-handler +1
kubeVirt
openshift
symlink
container escape
privilege escalation
2r
1t
1c