Vendor

KubeVirt

1 brief RSS

KubeVirt virt-handler Symlink Vulnerability Leading to Container Escape (CVE-2026-7374)

CVE-2026-7374 allows an authenticated OpenShift user with edit permissions in a single namespace to escalate privileges to full cluster control by exploiting improper symlink validation in KubeVirt's virt-handler component when connecting to VM console sockets.

virt-handler +1 kubeVirt openshift symlink container escape privilege escalation

2r 1t 1c 1h ago