Kubevirt · Kubevirt · CVE-2026-7374
**Name of the Vulnerable Software and Affected Versions**
KubeVirt (affected versions not specified)
**Description**
A flaw in the `virt-handler` component allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack the privileged connection of `virt-handler`. This enables access to any Unix socket on the host, which may lead to full control of the node and the entire cluster.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.