KubeVirt virt-handler Symlink Hijack Allows Node/Cluster Takeover
CVE-2026-7374 Published on May 26, 2026

Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster.

NVD

Vulnerability Analysis

CVE-2026-7374 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public. 34 days later.

Weakness Type

What is an insecure temporary file Vulnerability?

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVE-2026-7374 has been classified to as an insecure temporary file vulnerability or weakness.


Products Associated with CVE-2026-7374

Want to know whenever a new CVE is published for Red Hat Container Native Virtualization? stack.watch will email you.

Red Hat Container Native Virtualization
 

Affected Versions

Red Hat OpenShift Virtualization 4: