CVE-2026-7374
critical
CVSS v3
9.9
CVSS v2
—
VIR risk
9.9
Description
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.
Predictions
Exploit likelihood
98%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2026-7374.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | |
References
- https://access.redhat.com/errata/RHSA-2026:20720
- https://access.redhat.com/errata/RHSA-2026:20736
- https://access.redhat.com/errata/RHSA-2026:20763
- https://access.redhat.com/errata/RHSA-2026:20782
- https://access.redhat.com/errata/RHSA-2026:20825
- https://access.redhat.com/errata/RHSA-2026:20866
- https://access.redhat.com/errata/RHSA-2026:20886
- https://access.redhat.com/errata/RHSA-2026:20890
- https://access.redhat.com/errata/RHSA-2026:20975
- https://access.redhat.com/security/cve/CVE-2026-7374
- https://bugzilla.redhat.com/show_bug.cgi?id=2463728
- https://www.suse.com/security/cve/CVE-2026-7374.html
CWEs
CWE-59
Verify integrity in audit chain (admin only). AS-IS.