PT-2026-52631 · Red Hat · Red Hat Openshift Virtualization 4

Huzaifa Sidhpurwala

Published

2026-06-25

Updated

2026-06-26

CVE-2026-13218

CVSS v3.1

4.2

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causing virt-handler to follow it and overwrite an arbitrary host file with JSON content and change its ownership.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-61

Related Identifiers

CVE-2026-13218

Affected Products

Red Hat Openshift Virtualization 4

PT-2026-52631 · Red Hat · Red Hat Openshift Virtualization 4

CVE-2026-13218

Weakness Enumeration

Related Identifiers

Affected Products

References · 3