Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-7374
Awaiting Analysis
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-26 May, 2026 | 14:16
Updated At-28 May, 2026 | 03:16

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-59Secondarysecalert@redhat.com
CWE ID: CWE-59
Type: Secondary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2026:20720secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:20736secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:20763secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:20767secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:20782secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:20825secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:20866secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:20886secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:20890secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:20975secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2026-7374secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2463728secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20720
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20736
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20763
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20767
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20782
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20825
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20866
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20886
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20890
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:20975
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-7374
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2463728
Source: secalert@redhat.com
Resource: N/A
Change History
0Changes found
Details not found