ByteOS Network

NVD Vulnerability Details :

CVE-2026-24834

Awaiting Analysis

Source-security-advisories@github.com

Published At-19 Feb, 2026 | 17:24

Updated At-20 Feb, 2026 | 13:49

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.3	CRITICAL	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.3

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-732	Primary	security-advisories@github.com

CWE ID: CWE-732

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/kata-containers/kata-containers/commit/6a672503973bf7c687053e459bfff8a9652e16bf	security-advisories@github.com	N/A
https://github.com/kata-containers/kata-containers/releases/tag/3.27.0	security-advisories@github.com	N/A
https://github.com/kata-containers/kata-containers/security/advisories/GHSA-wwj6-vghv-5p64	security-advisories@github.com	N/A