Introduction
A single namespace edit role in an OpenShift cluster running KubeVirt is now enough to achieve full node and cluster compromise. CVE-2026-7374 exposes a symlink following flaw in KubeVirt's privileged virt-handler DaemonSet that lets an attacker redirect a console socket connection to the host's CRI-O runtime socket, turning a routine VM management operation into a cluster takeover vector.
KubeVirt is a CNCF project that enables running traditional virtual machine workloads alongside containers on Kubernetes clusters. It serves as the upstream foundation for Red Hat OpenShift Virtualization, making it a core component in enterprise Kubernetes deployments where organizations need to run both VMs and containers on the same infrastructure. Any vulnerability in KubeVirt's privileged components directly impacts Red Hat's enterprise customer base and the broader OpenShift ecosystem.
Technical Information
Root Cause: CWE-59 Symlink Following in Socket Path Resolution
CVE-2026-7374 falls under CWE-59: Improper Link Resolution Before File Access. The core issue is that virt-handler does not validate whether a VM console socket path is a regular file or a symbolic link before establishing a connection. Because virt-handler runs as a privileged DaemonSet with hostPID on every worker node, any file operation it performs carries host-level permissions. When it follows a symlink planted by an attacker, it unknowingly establishes a privileged connection to an arbitrary Unix socket on the host.
This is not a novel weakness class in the container ecosystem. Symlink following vulnerabilities have historically been the most prevalent category of container escape flaws, and the Kubernetes/container runtime boundary is a well-known attack surface for this type of issue.
The virt-handler Component
The virt-handler is deployed as a DaemonSet, meaning one instance runs on every worker node in a KubeVirt-enabled cluster. Its responsibilities include managing virtual machine pods and facilitating console access to VMs. To perform these functions, it operates with hostPID and elevated privileges, giving it significant access to host-level resources. This privileged position makes it a high-value target: any operation virt-handler can be tricked into performing is executed with those elevated permissions.
Attack Flow
The exploitation chain proceeds through five distinct stages:
Stage 1: Initial Access. An authenticated OpenShift user with the standard edit role in a single namespace uses kubectl exec (or equivalent) to gain a shell inside a virt-launcher pod. The edit role is a common, broadly granted Kubernetes role that is not typically considered a high-risk privilege.
Stage 2: Socket Replacement. Inside the virt-launcher pod, the attacker locates the VM console socket file and replaces it with a symbolic link. The symlink target is the host's CRI-O container runtime socket, typically located at /run/crio/crio.sock. This is the critical step that weaponizes the CWE-59 weakness.
Stage 3: Privileged Connection Hijack. When virt-handler next attempts to connect to the VM console socket (as part of its normal operation), it follows the symlink without validation. Because virt-handler runs with host-level privileges, the resulting connection to the CRI-O socket inherits those elevated permissions.
Stage 4: Host Socket Access. Through the hijacked CRI-O socket connection, the attacker can issue container runtime commands as a privileged process. The Bugzilla report (2463728) indicates the attacker can reach any Unix socket on the host, not just CRI-O, broadening the attack surface considerably.
Stage 5: Node and Cluster Compromise. With access to the CRI-O socket, the attacker can create privileged containers, access node resources, extract credentials, and gain full control of the worker node. In Kubernetes environments, compromising a single node frequently leads to compromise of the entire cluster, particularly if the node hosts control-plane components or if cluster-wide credentials are accessible from the node's filesystem.
CVSS Scoring Discrepancy
There is a notable disagreement on severity scoring for this vulnerability:
| Scoring Source | CVSS Score | Severity |
|---|---|---|
| Original Submission | 9.9 | Critical |
| Red Hat | 8.4 | High |
| NVD | Not yet assigned | Pending |
The Red Hat CVSS v3 score of 8.4 reflects a local attack vector, low attack complexity, low privileges required, and high impact across confidentiality, integrity, and availability. The gap between 8.4 and 9.9 likely stems from differing assessments of scope change: whether the vulnerability's impact extends beyond the vulnerable component (a single node) to the broader system (the entire cluster). Given the documented path from namespace edit access to full cluster control, organizations should treat this as critical severity until NVD completes its independent assessment.
Relationship to GHSA-2r4r-5x78-mvqf
This is the second symlink following flaw in virt-handler within six months. The earlier vulnerability, GHSA-2r4r-5x78-mvqf, was published on November 6, 2025 and described the same root cause: virt-handler does not verify whether the launcher-sock is a symlink or a regular file. In that case, the impact was limited to changing ownership of arbitrary host files to an unprivileged user (UID 107), earning a Moderate rating with CVSS 5.0. Affected versions were KubeVirt 1.5.2 and earlier, plus 1.6.0, with fixes shipped in 1.5.3, 1.6.1, and 1.7.0.
CVE-2026-7374 exploits the same fundamental weakness but achieves a dramatically more severe outcome: full cluster compromise rather than file ownership manipulation. This suggests either the prior fix was incomplete, addressing only the specific file ownership attack path without hardening the broader socket connection logic, or a new variant emerged that bypasses the earlier mitigation.
Affected Systems and Versions
Based on available source materials, the following systems are affected:
The vulnerability affects KubeVirt's virt-handler component running on OpenShift clusters. The earlier related vulnerability (GHSA-2r4r-5x78-mvqf) affected KubeVirt versions 1.5.2 and earlier, as well as version 1.6.0, with fixes in versions 1.5.3, 1.6.1, and 1.7.0. However, since CVE-2026-7374 appears to represent a new or expanded attack path against the same component, it is unclear whether those patched versions are fully protected against this specific CVE.
No Red Hat Security Advisory (RHSA) has been published for CVE-2026-7374 as of May 26, 2026, so the exact affected version ranges for Red Hat OpenShift Virtualization have not been formally declared. The existing RHSA-2026:7245 (issued April 15, 2026) addresses CVE-2026-33186 for OpenShift 4.21.10 but does not mention CVE-2026-7374.
Organizations running KubeVirt in any deployment model (upstream or via OpenShift Virtualization) should consider themselves potentially affected until a specific advisory is published.
Vendor Security History
KubeVirt has accumulated approximately 15 CVEs according to CVEdetails, with impacts spanning code execution (1 vulnerability), privilege escalation (1 vulnerability), denial of service (2 vulnerabilities), and directory traversal (1 vulnerability). A separate aggregator, AIGCVE, lists 9 CVEs for the project.
The project completed a third-party security audit in 2025, organized through the CNCF and OSTIF as part of KubeVirt's application to graduate within the CNCF. While this demonstrates institutional commitment to security, the recurrence of symlink following flaws in virt-handler indicates the audit may not have fully captured the depth of filesystem interaction risks in this specific component.
Beyond CVE-2026-7374, another recent vulnerability, CVE-2026-6383, was also identified in the kubevirt-virt-handler image. That flaw involves improper RBAC evaluation logic where the authorization mechanism truncates subresource names. The clustering of multiple security issues in the virt-handler component points to a pattern of security weaknesses in this privileged DaemonSet that warrants focused attention from both the upstream project and downstream consumers.
The Red Hat OpenShift Container Platform had 18 security vulnerabilities recorded in 2025 according to stack.watch, with none recorded in 2026 prior to this CVE, though that count likely has not yet been updated to include CVE-2026-7374.
References
- Red Hat CVE Page for CVE-2026-7374
- NVD Entry for CVE-2026-7374
- Red Hat Bugzilla 2463728: KubeVirt virt-handler Privilege Escalation via Symlink Following
- GitHub Advisory GHSA-2r4r-5x78-mvqf: Earlier Symlink Following Flaw in virt-handler
- Red Hat CVE Page for CVE-2026-6383 (Related virt-handler RBAC Flaw)
- KubeVirt Project Homepage
- KubeVirt Security Audit Announcement (2025)
- CWE-59: Improper Link Resolution Before File Access
- CVEdetails: KubeVirt Products and Vulnerabilities
- OpenCVE: KubeVirt CVEs and Security Vulnerabilities
- Chainguard: kubevirt-virt-handler CVE Advisories
- RHSA-2026:7245 Security Advisory



