Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-7374
PUBLISHED
More InfoOfficial Page
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
View Known Exploited Vulnerability (KEV) details
Published At-26 May, 2026 | 13:14
Updated At-28 May, 2026 | 02:39
Rejected At-
▼CVE Numbering Authority (CNA)
Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Container Native Virtualization 4.12
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
container-native-virtualization/virt-handler
CPEs
  • cpe:/a:redhat:container_native_virtualization:4.12::el8
Default Status
affected
Versions
Unaffected
  • From 1779375376 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Container Native Virtualization 4.13
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
container-native-virtualization/virt-handler-rhel9
CPEs
  • cpe:/a:redhat:container_native_virtualization:4.13::el9
Default Status
affected
Versions
Unaffected
  • From 1778999881 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Container Native Virtualization 4.14
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
container-native-virtualization/virt-handler-rhel9
CPEs
  • cpe:/a:redhat:container_native_virtualization:4.14::el9
Default Status
affected
Versions
Unaffected
  • From 1779321599 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Container Native Virtualization 4.15
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
container-native-virtualization/virt-handler-rhel9
CPEs
  • cpe:/a:redhat:container_native_virtualization:4.15::el9
Default Status
affected
Versions
Unaffected
  • From 1778859977 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Container Native Virtualization 4.16
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
container-native-virtualization/virt-handler-rhel9
CPEs
  • cpe:/a:redhat:container_native_virtualization:4.16::el9
Default Status
affected
Versions
Unaffected
  • From 1778861274 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Container Native Virtualization 4.17
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
container-native-virtualization/virt-handler-rhel9
CPEs
  • cpe:/a:redhat:container_native_virtualization:4.17::el9
Default Status
affected
Versions
Unaffected
  • From 1779174925 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Container Native Virtualization 4.18
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
container-native-virtualization/virt-handler-rhel9
CPEs
  • cpe:/a:redhat:container_native_virtualization:4.18::el9
Default Status
affected
Versions
Unaffected
  • From 1778887155 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Container Native Virtualization 4.19
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
container-native-virtualization/virt-handler-rhel9
CPEs
  • cpe:/a:redhat:container_native_virtualization:4.19::el9
Default Status
affected
Versions
Unaffected
  • From 1779289071 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Container Native Virtualization 4.2
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
container-native-virtualization/virt-handler-rhel9
CPEs
  • cpe:/a:redhat:container_native_virtualization:4.20::el9
Default Status
affected
Versions
Unaffected
  • From 1779288737 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Container Native Virtualization 4.21
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
container-native-virtualization/virt-handler-rhel9
CPEs
  • cpe:/a:redhat:container_native_virtualization:4.21::el9
Default Status
affected
Versions
Unaffected
  • From 1779420069 before * (rpm)
Problem Types
TypeCWE IDDescription
CWECWE-59Improper Link Resolution Before File Access ('Link Following')
Type: CWE
CWE ID: CWE-59
Description: Improper Link Resolution Before File Access ('Link Following')
Metrics
VersionBase scoreBase severityVector
3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Update cluster RBAC to not allow exec into virt-launcher pods.

Exploits
Credits
This issue was discovered by Sarah Bennert (Red Hat) and Stoyan Nikolov (Red Hat).
Timeline
EventDate
Reported to Red Hat.2026-04-22 07:20:25
Made public.2026-05-26 12:30:00
Event: Reported to Red Hat.
Date: 2026-04-22 07:20:25
Event: Made public.
Date: 2026-05-26 12:30:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2026:20720
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20736
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20763
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20767
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20782
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20825
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20866
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20886
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20890
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:20975
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-7374
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2463728
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20720
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20736
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20763
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20767
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20782
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20825
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20866
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20886
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20890
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20975
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-7374
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2463728
Resource:
issue-tracking
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found