PatchSiren cyber security CVE debrief
CVE-2026-13218 Red Hat CVE debrief
A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causing virt-handler to follow it and overwrite an arbitrary host file with JSON content and change its ownership. This medium-severity vulnerability requires access to the virt-launcher container and has a CVSS score of 4.2. Users of KubeVirt, particularly those with access to the virt-launcher container, should be aware of this flaw and take steps to mitigate it.
- Vendor
- Red Hat
- Product
- Red Hat OpenShift Virtualization 4
- CVSS
- MEDIUM 4.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-26
- Original CVE updated
- 2026-07-06
- Advisory published
- 2026-06-26
- Advisory updated
- 2026-07-06
Who should care
Users of KubeVirt, particularly those with access to the virt-launcher container, should be aware of this medium-severity flaw and take steps to mitigate it. Affected operator, platform, vulnerability-management, and security teams should prioritize patching or mitigation efforts.
Technical summary
The WriteToCachedFile function in KubeVirt's virt-handler writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. This allows a user with access to the virt-launcher container to plant a symlink at the cache file path, causing virt-handler to follow it and overwrite an arbitrary host file with JSON content and change its ownership. The flaw requires access to the virt-launcher container and has a CVSS score of 4.2, indicating a medium-severity vulnerability.
Defensive priority
Medium priority, as the flaw requires access to the virt-launcher container and has a CVSS score of 4.2. Recommended actions include applying vendor patches, restricting access to the virt-launcher container, and monitoring for suspicious activity.
Recommended defensive actions
- Apply the vendor patch or update to a fixed version of KubeVirt
- Restrict access to the virt-launcher container
- Monitor for suspicious activity related to virt-handler and cache files
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Evidence notes
The CVE record was published on 2026-06-26T00:16:51.147Z and last modified on 2026-07-06T17:46:14.380Z. The NVD entry is currently Analyzed. Evidence is limited to CVE and NVD information; further verification is recommended. Defensive verification tasks include reviewing vendor advisories and tracking affected systems.
Official resources
-
CVE-2026-13218 CVE record
CVE.org
-
CVE-2026-13218 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory, Mitigation
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-26T00:16:51.147Z and has not been modified since then. The NVD entry is currently Analyzed.