PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13218 Red Hat CVE debrief

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causing virt-handler to follow it and overwrite an arbitrary host file with JSON content and change its ownership. This medium-severity vulnerability requires access to the virt-launcher container and has a CVSS score of 4.2. Users of KubeVirt, particularly those with access to the virt-launcher container, should be aware of this flaw and take steps to mitigate it.

Vendor
Red Hat
Product
Red Hat OpenShift Virtualization 4
CVSS
MEDIUM 4.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-26
Original CVE updated
2026-07-06
Advisory published
2026-06-26
Advisory updated
2026-07-06

Who should care

Users of KubeVirt, particularly those with access to the virt-launcher container, should be aware of this medium-severity flaw and take steps to mitigate it. Affected operator, platform, vulnerability-management, and security teams should prioritize patching or mitigation efforts.

Technical summary

The WriteToCachedFile function in KubeVirt's virt-handler writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. This allows a user with access to the virt-launcher container to plant a symlink at the cache file path, causing virt-handler to follow it and overwrite an arbitrary host file with JSON content and change its ownership. The flaw requires access to the virt-launcher container and has a CVSS score of 4.2, indicating a medium-severity vulnerability.

Defensive priority

Medium priority, as the flaw requires access to the virt-launcher container and has a CVSS score of 4.2. Recommended actions include applying vendor patches, restricting access to the virt-launcher container, and monitoring for suspicious activity.

Recommended defensive actions

  • Apply the vendor patch or update to a fixed version of KubeVirt
  • Restrict access to the virt-launcher container
  • Monitor for suspicious activity related to virt-handler and cache files
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Evidence notes

The CVE record was published on 2026-06-26T00:16:51.147Z and last modified on 2026-07-06T17:46:14.380Z. The NVD entry is currently Analyzed. Evidence is limited to CVE and NVD information; further verification is recommended. Defensive verification tasks include reviewing vendor advisories and tracking affected systems.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-26T00:16:51.147Z and has not been modified since then. The NVD entry is currently Analyzed.