CVE-2026-9804 is a vulnerability in Red Hat Container Native Virtualization
Published on May 28, 2026
Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an exported filesystem Persistent Volume Claim (PVC) that points outside its designated mount root, the attacker can read arbitrary files from the exporter pod's filesystem. This leads to information disclosure, potentially exposing sensitive data.
Vulnerability Analysis
CVE-2026-9804 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Timeline
Reported to Red Hat.
Made public. 10 days later.
Weakness Type
What is an insecure temporary file Vulnerability?
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2026-9804 has been classified to as an insecure temporary file vulnerability or weakness.
Products Associated with CVE-2026-9804
Want to know whenever a new CVE is published for Red Hat Container Native Virtualization? stack.watch will email you.