PT-2026-43242 · Kubevirt

Sarah Bennert · Published 2026-05-26 · Updated 2026-06-15

CVE-2026-7374 · CVSS v3.1 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: KubeVirt (affected versions not specified)

Description: A flaw in the virt-handler component allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when virt-handler connects to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, the attacker hijacks virt-handler's privileged connection. This grants access to any Unix socket on the host, which may lead to full control of the node and of the entire cluster.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
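As an added defensive example (not KubeVirt's code and not the vendor fix), the Go helper below shows the kind of path check the description implies a privileged component such as virt-handler needs before connecting to a console socket: every path component under the expected socket directory is inspected with Lstat, so a console socket that has been replaced by a symlink, a symlinked parent directory, an escaping path or a non-socket file is refused. The function name, directory layout, socket names and the remark about directory writability are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"path/filepath"
	"strings"
)

var ErrUnsafeSocket = errors.New("console socket path rejected")

// checkConsoleSocket (hypothetical helper, not KubeVirt code) accepts sockPath only if it is an
// absolute path below allowedDir and no component, leaf included, is a symlink. Lstat is used
// because connect(2) follows symlinks. The check is point-in-time, so the socket directory must
// also not be writable by the workload (assumed deployment property, not stated by the advisory).
func checkConsoleSocket(allowedDir, sockPath string) error {
	rel, err := filepath.Rel(allowedDir, sockPath)
	if err != nil || !filepath.IsAbs(allowedDir) || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return ErrUnsafeSocket // relative input, allowedDir itself, or a path escaping allowedDir
	}
	cur, fi := filepath.Clean(allowedDir), os.FileInfo(nil)
	for _, part := range strings.Split(rel, string(filepath.Separator)) {
		cur = filepath.Join(cur, part)
		if fi, err = os.Lstat(cur); err != nil {
			return err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return ErrUnsafeSocket // a symlinked parent or leaf would redirect the connection
		}
	}
	if fi.Mode()&os.ModeSocket == 0 {
		return ErrUnsafeSocket // exists but is not a Unix socket inode
	}
	return nil
}

func main() {
	dir, _ := os.MkdirTemp("", "vmsock")
	defer os.RemoveAll(dir)
	sock := filepath.Join(dir, "console.sock") // constructed stand-in for a VM console socket
	if _, err := net.Listen("unix", sock); err != nil {
		panic(err)
	}
	link := filepath.Join(dir, "replaced.sock") // constructed symlink standing in for a swapped socket
	_ = os.Symlink(sock, link)
	fmt.Println(checkConsoleSocket(dir, sock), checkConsoleSocket(dir, link)) // <nil> console socket path rejected
}
```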

LPE

Link Following


Weakness Enumeration

Related Identifiers

CVE-2026-7374
SUSE-SU-2026:2400-1
SUSE-SU-2026:2401-1

Affected Products

Cri-O
Kubevirt
Openshift